001/* 002 * Copyright 2008-2020 Ping Identity Corporation 003 * All Rights Reserved. 004 */ 005/* 006 * Copyright 2008-2020 Ping Identity Corporation 007 * 008 * Licensed under the Apache License, Version 2.0 (the "License"); 009 * you may not use this file except in compliance with the License. 010 * You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, software 015 * distributed under the License is distributed on an "AS IS" BASIS, 016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 017 * See the License for the specific language governing permissions and 018 * limitations under the License. 019 */ 020/* 021 * Copyright (C) 2015-2020 Ping Identity Corporation 022 * 023 * This program is free software; you can redistribute it and/or modify 024 * it under the terms of the GNU General Public License (GPLv2 only) 025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 026 * as published by the Free Software Foundation. 027 * 028 * This program is distributed in the hope that it will be useful, 029 * but WITHOUT ANY WARRANTY; without even the implied warranty of 030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 031 * GNU General Public License for more details. 032 * 033 * You should have received a copy of the GNU General Public License 034 * along with this program; if not, see <http://www.gnu.org/licenses>. 035 */ 036package com.unboundid.ldap.sdk.unboundidds.extensions; 037 038 039 040import java.io.Serializable; 041import java.text.ParseException; 042import java.util.ArrayList; 043import java.util.Date; 044 045import com.unboundid.asn1.ASN1Element; 046import com.unboundid.asn1.ASN1Enumerated; 047import com.unboundid.asn1.ASN1OctetString; 048import com.unboundid.asn1.ASN1Sequence; 049import com.unboundid.ldap.sdk.LDAPException; 050import com.unboundid.ldap.sdk.ResultCode; 051import com.unboundid.util.Debug; 052import com.unboundid.util.NotMutable; 053import com.unboundid.util.StaticUtils; 054import com.unboundid.util.ThreadSafety; 055import com.unboundid.util.ThreadSafetyLevel; 056 057import static com.unboundid.ldap.sdk.unboundidds.extensions.ExtOpMessages.*; 058 059 060 061/** 062 * This class defines an operation that may be used in conjunction with the 063 * password policy state extended operation. A password policy state operation 064 * can be used to get or set various properties of the password policy state for 065 * a user. 066 * <BR> 067 * <BLOCKQUOTE> 068 * <B>NOTE:</B> This class, and other classes within the 069 * {@code com.unboundid.ldap.sdk.unboundidds} package structure, are only 070 * supported for use against Ping Identity, UnboundID, and 071 * Nokia/Alcatel-Lucent 8661 server products. These classes provide support 072 * for proprietary functionality or for external specifications that are not 073 * considered stable or mature enough to be guaranteed to work in an 074 * interoperable way with other types of LDAP servers. 075 * </BLOCKQUOTE> 076 * <BR> 077 * Operations that are available for use with the password policy state 078 * operation include: 079 * <UL> 080 * <LI>Get the DN of the password policy configuration entry for the target 081 * user.</LI> 082 * <LI>Determine whether an account is usable (may authenticate or be used as 083 * an alternate authorization identity.</LI> 084 * <LI>Retrieve the set of account usability notice, warning, and error 085 * messages for a user.</LI> 086 * <LI>Get, set, and clear the account disabled flag for the target user.</LI> 087 * <LI>Get, set, and clear the account activation time for the target 088 * user.</LI> 089 * <LI>Get, set, and clear the account expiration time for the target 090 * user.</LI> 091 * <LI>Get the length of time in seconds until the target user account 092 * expires.</LI> 093 * <LI>Get the time that the target user's password was last changed.</LI> 094 * <LI>Get and clear the time that the first password expiration warning was 095 * sent to the user.</LI> 096 * <LI>Get the length of time in seconds until the target user's password 097 * expires and the password expiration time for the account.</LI> 098 * <LI>Get the length of time in seconds until the user should receive the 099 * first warning about an upcoming password expiration.</LI> 100 * <LI>Determine whether the user's password is expired.</LI> 101 * <LI>Determine whether the account is locked because of failed 102 * authentication attempts, an idle lockout, or a password reset 103 * lockout.</LI> 104 * <LI>Get, update, set, and clear the list of times that the target user has 105 * unsuccessfully tried to authenticate since the last successful 106 * authentication.</LI> 107 * <LI>Get the number of remaining failed authentication attempts for the 108 * target user before the account is locked.</LI> 109 * <LI>Get the length of time in seconds until the target user's account is 110 * automatically unlocked after it was locked due to failed authentication 111 * attempts.</LI> 112 * <LI>Get, set, and clear the time that the user last authenticated to the 113 * server.</LI> 114 * <LI>Get, set, and clear the IP address of the client from which the user 115 * last authenticated to the server.</LI> 116 * <LI>Get the length of time in seconds until the user account may be locked 117 * after remaining idle.</LI> 118 * <LI>Get, set, and clear the flag that controls whether the target user must 119 * change his/her password before being allowed to perform any other 120 * operations.</LI> 121 * <LI>Get the length of time in seconds until the user's account is locked 122 * after failing to change the password after an administrative 123 * reset.</LI> 124 * <LI>Get, update, set, and clear the times that the target user has 125 * authenticated using a grace login after the password had expired.</LI> 126 * <LI>Retrieve the number of remaining grace logins for the user.</LI> 127 * <LI>Get, set, and clear the required password change time for the target 128 * user.</LI> 129 * <LI>Retrieve the length of time in seconds until the target user's account 130 * will be locked as a result of failing to comply with a password change 131 * by required time.</LI> 132 * <LI>Get the password history count for the target user.</LI> 133 * <LI>Clear the password history for the target user.</LI> 134 * <LI>Get information about or purge a user's retired password.</LI> 135 * <LI>Get information about which SASL mechanisms are available for a 136 * user.</LI> 137 * <LI>Get information about which OTP delivery mechanisms are available for a 138 * user.</LI> 139 * <LI>Determine whether a user has any TOTP shared secrets and manipulate the 140 * registered secrets.</LI> 141 * <LI>Get, set, and clear the public IDs of any YubiKey OTP devices 142 * registered for a user.</LI> 143 * <LI>Determine whether the user has a static password.</LI> 144 * </UL> 145 * Note that many of these methods are dependent upon the password policy 146 * configuration for the target user and therefore some of them may not be 147 * applicable for some users. For example, if password expiration is not 148 * enabled in the password policy associated with the target user, then 149 * operations that involve password expiration will have no effect and/or will 150 * have a return value that indicates that password expiration is not in effect. 151 */ 152@NotMutable() 153@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE) 154public final class PasswordPolicyStateOperation 155 implements Serializable 156{ 157 /** 158 * The operation type that may be used to retrieve the DN of the password 159 * policy to which the user is subject. 160 */ 161 public static final int OP_TYPE_GET_PW_POLICY_DN = 0; 162 163 164 165 /** 166 * The operation type that may be used to determine whether the user account 167 * is disabled. 168 */ 169 public static final int OP_TYPE_GET_ACCOUNT_DISABLED_STATE = 1; 170 171 172 173 /** 174 * The operation type that may be used to specify whether the user account is 175 * disabled. 176 */ 177 public static final int OP_TYPE_SET_ACCOUNT_DISABLED_STATE = 2; 178 179 180 181 /** 182 * The operation type that may be used to clear the account disabled flag in 183 * the user's entry. 184 */ 185 public static final int OP_TYPE_CLEAR_ACCOUNT_DISABLED_STATE = 3; 186 187 188 189 /** 190 * The operation type that may be used to get the time that the user's account 191 * will expire. 192 */ 193 public static final int OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME = 4; 194 195 196 197 /** 198 * The operation type that may be used to set the time that the user's account 199 * will expire. 200 */ 201 public static final int OP_TYPE_SET_ACCOUNT_EXPIRATION_TIME = 5; 202 203 204 205 /** 206 * The operation type that may be used to clear the user's account expiration 207 * time. 208 */ 209 public static final int OP_TYPE_CLEAR_ACCOUNT_EXPIRATION_TIME = 6; 210 211 212 213 /** 214 * The operation type that may be used to retrieve the length of time in 215 * seconds until the user's account expires. 216 */ 217 public static final int OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION = 7; 218 219 220 221 /** 222 * The operation type that may be used to get the time that the user's 223 * password was last changed. 224 */ 225 public static final int OP_TYPE_GET_PW_CHANGED_TIME = 8; 226 227 228 229 /** 230 * The operation type that may be used to set the time that the user's 231 * password was last changed. 232 */ 233 public static final int OP_TYPE_SET_PW_CHANGED_TIME = 9; 234 235 236 237 /** 238 * The operation type that may be used to clear the password changed time in 239 * the user's account. 240 */ 241 public static final int OP_TYPE_CLEAR_PW_CHANGED_TIME = 10; 242 243 244 245 /** 246 * The operation type that may be used to get the time that the user was 247 * first sent a password expiration warning. 248 */ 249 public static final int OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME = 11; 250 251 252 253 /** 254 * The operation type that may be used to set the time that the user was 255 * first sent a password expiration warning. 256 */ 257 public static final int OP_TYPE_SET_PW_EXPIRATION_WARNED_TIME = 12; 258 259 260 261 /** 262 * The operation type that may be used to clear the password expiration warned 263 * time from the user's entry. 264 */ 265 public static final int OP_TYPE_CLEAR_PW_EXPIRATION_WARNED_TIME = 13; 266 267 268 269 /** 270 * The operation type that may be used to get the length of time in seconds 271 * until the user's password expires. 272 */ 273 public static final int OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION = 14; 274 275 276 277 /** 278 * The operation type that may be used to get the length of time in seconds 279 * until the user will be eligible to receive a password expiration warning. 280 */ 281 public static final int OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION_WARNING = 15; 282 283 284 285 /** 286 * The operation type that may be used to get the set of times that the user 287 * has unsuccessfully tried to authenticate since the last successful attempt. 288 */ 289 public static final int OP_TYPE_GET_AUTH_FAILURE_TIMES = 16; 290 291 292 293 /** 294 * The operation type that may be used to add a new authentication failure 295 * time to the user's account. 296 */ 297 public static final int OP_TYPE_ADD_AUTH_FAILURE_TIME = 17; 298 299 300 301 /** 302 * The operation type that may be used to set the set of times that the user 303 * has unsuccessfully tried to authenticate since the last successful attempt. 304 */ 305 public static final int OP_TYPE_SET_AUTH_FAILURE_TIMES = 18; 306 307 308 309 /** 310 * The operation type that may be used to clear the authentication failure 311 * times in the user account. 312 */ 313 public static final int OP_TYPE_CLEAR_AUTH_FAILURE_TIMES = 19; 314 315 316 317 /** 318 * The operation type that may be used to retrieve the length of time in 319 * seconds until the user's account is unlocked. 320 */ 321 public static final int OP_TYPE_GET_SECONDS_UNTIL_AUTH_FAILURE_UNLOCK = 20; 322 323 324 325 /** 326 * The operation type that may be used to retrieve the number of failed 327 * authentication attempts that the user has before the account is locked. 328 */ 329 public static final int OP_TYPE_GET_REMAINING_AUTH_FAILURE_COUNT = 21; 330 331 332 333 /** 334 * The operation type that may be used to retrieve the time that the user last 335 * authenticated to the server. 336 */ 337 public static final int OP_TYPE_GET_LAST_LOGIN_TIME = 22; 338 339 340 341 /** 342 * The operation type that may be used to set the time that the user last 343 * authenticated to the server. 344 */ 345 public static final int OP_TYPE_SET_LAST_LOGIN_TIME = 23; 346 347 348 349 /** 350 * The operation type that may be used to clear the last login time in the 351 * user's entry. 352 */ 353 public static final int OP_TYPE_CLEAR_LAST_LOGIN_TIME = 24; 354 355 356 357 /** 358 * The operation type that may be used to get the length of time in seconds 359 * until the user account is locked due to inactivity. 360 */ 361 public static final int OP_TYPE_GET_SECONDS_UNTIL_IDLE_LOCKOUT = 25; 362 363 364 365 /** 366 * The operation type that may be used to determine whether a user's password 367 * has been reset by an administrator and must be changed. 368 */ 369 public static final int OP_TYPE_GET_PW_RESET_STATE = 26; 370 371 372 373 /** 374 * The operation type that may be used to set the flag to indicate whether a 375 * user's password has been reset by an administrator and must be changed. 376 */ 377 public static final int OP_TYPE_SET_PW_RESET_STATE = 27; 378 379 380 381 /** 382 * The operation type that may be used to clear the password reset flag in the 383 * user's entry. 384 */ 385 public static final int OP_TYPE_CLEAR_PW_RESET_STATE = 28; 386 387 388 389 /** 390 * The operation type that may be used to get the length of time in seconds 391 * until the user's account is locked due to failure to change the password 392 * after an administrative reset. 393 */ 394 public static final int OP_TYPE_GET_SECONDS_UNTIL_PW_RESET_LOCKOUT = 29; 395 396 397 398 /** 399 * The operation type that may be used to retrieve the times that the user has 400 * authenticated using a grace login after his/her password has expired. 401 */ 402 public static final int OP_TYPE_GET_GRACE_LOGIN_USE_TIMES = 30; 403 404 405 406 /** 407 * The operation type that may be used add a value to the set of times that 408 * the user has authenticated using a grace login after his/her password has 409 * expired. 410 */ 411 public static final int OP_TYPE_ADD_GRACE_LOGIN_USE_TIME = 31; 412 413 414 415 /** 416 * The operation type that may be used to set the times that the user has 417 * authenticated using a grace login after his/her password has expired. 418 */ 419 public static final int OP_TYPE_SET_GRACE_LOGIN_USE_TIMES = 32; 420 421 422 423 /** 424 * The operation type that may be used to clear the set of times that the user 425 * has authenticated using a grace login after his/her password has expired. 426 */ 427 public static final int OP_TYPE_CLEAR_GRACE_LOGIN_USE_TIMES = 33; 428 429 430 431 /** 432 * The operation type that may be used to retrieve the number of grace logins 433 * available for the user. 434 */ 435 public static final int OP_TYPE_GET_REMAINING_GRACE_LOGIN_COUNT = 34; 436 437 438 439 /** 440 * The operation type that may be used to retrieve the last time that the 441 * user's password was changed during a required change period. 442 */ 443 public static final int OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME = 35; 444 445 446 447 /** 448 * The operation type that may be used to set the last time that the 449 * user's password was changed during a required change period. 450 */ 451 public static final int OP_TYPE_SET_PW_CHANGED_BY_REQUIRED_TIME = 36; 452 453 454 455 /** 456 * The operation type that may be used to clear the last time that the 457 * user's password was changed during a required change period. 458 */ 459 public static final int OP_TYPE_CLEAR_PW_CHANGED_BY_REQUIRED_TIME = 37; 460 461 462 463 /** 464 * The operation type that may be used to get the length of time in seconds 465 * until the user's account will be locked due to a failure to change the 466 * password by a required time. 467 */ 468 public static final int OP_TYPE_GET_SECONDS_UNTIL_REQUIRED_CHANGE_TIME = 38; 469 470 471 472 /** 473 * The operation type that may be used to retrieve the stored password history 474 * values for a user. 475 * 476 * @deprecated This operation type has been deprecated in favor of the 477 * {@link #OP_TYPE_GET_PW_HISTORY_COUNT} operation type. 478 */ 479 @Deprecated() 480 public static final int OP_TYPE_GET_PW_HISTORY = 39; 481 482 483 484 /** 485 * The operation type that may be used to clear the stored password history 486 * values for a user. 487 */ 488 public static final int OP_TYPE_CLEAR_PW_HISTORY = 40; 489 490 491 492 /** 493 * The operation type that may be used to determine whether a user has a valid 494 * retired password. 495 */ 496 public static final int OP_TYPE_HAS_RETIRED_PASSWORD = 41; 497 498 499 500 /** 501 * The operation type that may be used to retrieve the time that the user's 502 * former password was retired. 503 */ 504 public static final int OP_TYPE_GET_PASSWORD_RETIRED_TIME = 42; 505 506 507 508 /** 509 * The operation type that may be used to retrieve the time that the user's 510 * retired password will expire. 511 */ 512 public static final int OP_TYPE_GET_RETIRED_PASSWORD_EXPIRATION_TIME = 43; 513 514 515 516 /** 517 * The operation type that may be used to purge any retired password from the 518 * user's entry. 519 */ 520 public static final int OP_TYPE_PURGE_RETIRED_PASSWORD = 44; 521 522 523 524 /** 525 * The operation type that may be used to get the time that the user's account 526 * will become active. 527 */ 528 public static final int OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME = 45; 529 530 531 532 /** 533 * The operation type that may be used to set the time that the user's account 534 * will become active. 535 */ 536 public static final int OP_TYPE_SET_ACCOUNT_ACTIVATION_TIME = 46; 537 538 539 540 /** 541 * The operation type that may be used to clear the user's account activation 542 * time. 543 */ 544 public static final int OP_TYPE_CLEAR_ACCOUNT_ACTIVATION_TIME = 47; 545 546 547 548 /** 549 * The operation type that may be used to retrieve the length of time in 550 * seconds until the user's account will become active. 551 */ 552 public static final int OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_ACTIVATION = 48; 553 554 555 556 /** 557 * The operation type that may be used to retrieve the IP address from which 558 * the user last authenticated to the server. 559 */ 560 public static final int OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS = 49; 561 562 563 564 /** 565 * The operation type that may be used to set the IP address from which the 566 * user last authenticated to the server. 567 */ 568 public static final int OP_TYPE_SET_LAST_LOGIN_IP_ADDRESS = 50; 569 570 571 572 /** 573 * The operation type that may be used to clear the last login IP address in 574 * the user's entry. 575 */ 576 public static final int OP_TYPE_CLEAR_LAST_LOGIN_IP_ADDRESS = 51; 577 578 579 580 /** 581 * The operation type that may be used to retrieve a list of structured 582 * strings that provide information about notices pertaining to account 583 * usability. 584 */ 585 public static final int OP_TYPE_GET_ACCOUNT_USABILITY_NOTICES = 52; 586 587 588 589 /** 590 * The operation type that may be used to retrieve a list of structured 591 * strings that provide information about warnings that may affect the account 592 * usability. 593 */ 594 public static final int OP_TYPE_GET_ACCOUNT_USABILITY_WARNINGS = 53; 595 596 597 598 /** 599 * The operation type that may be used to retrieve a list of structured 600 * strings that provide information about errors that may affect the account 601 * usability. 602 */ 603 public static final int OP_TYPE_GET_ACCOUNT_USABILITY_ERRORS = 54; 604 605 606 607 /** 608 * The operation type that may be used to determine whether an account is 609 * usable (i.e., the account may authenticate or be used as an alternate 610 * authorization identity). 611 */ 612 public static final int OP_TYPE_GET_ACCOUNT_IS_USABLE = 55; 613 614 615 616 /** 617 * The operation type that may be used to determine whether an account is 618 * not yet active (because the account activation time is in the future). 619 */ 620 public static final int OP_TYPE_GET_ACCOUNT_IS_NOT_YET_ACTIVE = 56; 621 622 623 624 /** 625 * The operation type that may be used to determine whether an account is 626 * expired (because the account expiration time is in the past). 627 */ 628 public static final int OP_TYPE_GET_ACCOUNT_IS_EXPIRED = 57; 629 630 631 632 /** 633 * The operation type that may be used to determine when a user's password 634 * will expire. 635 */ 636 public static final int OP_TYPE_GET_PW_EXPIRATION_TIME = 58; 637 638 639 640 /** 641 * The operation type that may be used to determine whether a user's account 642 * is locked because of too many authentication failures. 643 */ 644 public static final int OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED = 59; 645 646 647 648 /** 649 * The operation type that may be used to specify whether a user's account 650 * is locked because of too many authentication failures. 651 */ 652 public static final int OP_TYPE_SET_ACCOUNT_IS_FAILURE_LOCKED = 60; 653 654 655 656 /** 657 * The operation type that may be used to determine the failure lockout time 658 * for a user account. 659 */ 660 public static final int OP_TYPE_GET_FAILURE_LOCKOUT_TIME = 61; 661 662 663 664 /** 665 * The operation type that may be used to determine whether a user's account 666 * is locked because it has been idle for too long. 667 */ 668 public static final int OP_TYPE_GET_ACCOUNT_IS_IDLE_LOCKED = 62; 669 670 671 672 /** 673 * The operation type that may be used to determine the idle lockout time for 674 * a user account. 675 */ 676 public static final int OP_TYPE_GET_IDLE_LOCKOUT_TIME = 63; 677 678 679 680 /** 681 * The operation type that may be used to determine whether a user's account 682 * is locked because the user did not change their password in a timely manner 683 * after an administrative reset. 684 */ 685 public static final int OP_TYPE_GET_ACCOUNT_IS_RESET_LOCKED = 64; 686 687 688 689 /** 690 * The operation type that may be used to determine the reset lockout time for 691 * a user account. 692 */ 693 public static final int OP_TYPE_GET_RESET_LOCKOUT_TIME = 65; 694 695 696 697 /** 698 * The operation type that may be used to retrieve the password history count 699 * for a user. 700 */ 701 public static final int OP_TYPE_GET_PW_HISTORY_COUNT = 66; 702 703 704 705 /** 706 * The operation type that may be used to determine whether a user's password 707 * is expired. 708 */ 709 public static final int OP_TYPE_GET_PW_IS_EXPIRED = 67; 710 711 712 713 /** 714 * The operation type that may be used to retrieve a list of the SASL 715 * mechanisms that are available for a user. 716 */ 717 public static final int OP_TYPE_GET_AVAILABLE_SASL_MECHANISMS = 68; 718 719 720 721 /** 722 * The operation type that may be used to retrieve a list of the one-time 723 * password delivery mechanisms that are available for a user. 724 */ 725 public static final int OP_TYPE_GET_AVAILABLE_OTP_DELIVERY_MECHANISMS = 69; 726 727 728 729 /** 730 * The operation type that may be used to determine whether a user has one or 731 * more TOTP shared secrets. 732 */ 733 public static final int OP_TYPE_HAS_TOTP_SHARED_SECRET = 70; 734 735 736 737 /** 738 * The operation type that may be used to retrieve get the set of public IDs 739 * for the registered YubiKey OTP devices for a user. 740 */ 741 public static final int OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS = 71; 742 743 744 745 /** 746 * The operation type that may be used to add a value to the set of registered 747 * YubiKey OTP device public IDs for a user. 748 */ 749 public static final int OP_TYPE_ADD_REGISTERED_YUBIKEY_PUBLIC_ID = 72; 750 751 752 753 /** 754 * The operation type that may be used to remove a value from the set of 755 * registered YubiKey OTP device public IDs for a user. 756 */ 757 public static final int OP_TYPE_REMOVE_REGISTERED_YUBIKEY_PUBLIC_ID = 73; 758 759 760 761 /** 762 * The operation type that may be used to replace the set of public IDs for 763 * the registered YubiKey OTP devices for a user. 764 */ 765 public static final int OP_TYPE_SET_REGISTERED_YUBIKEY_PUBLIC_IDS = 74; 766 767 768 769 /** 770 * The operation type that may be used to clear the set of public IDs for 771 * the registered YubiKey OTP devices for a user. 772 */ 773 public static final int OP_TYPE_CLEAR_REGISTERED_YUBIKEY_PUBLIC_IDS = 75; 774 775 776 777 /** 778 * The operation type that may be used to add a value to the set of registered 779 * TOTP shared secrets for a user. 780 */ 781 public static final int OP_TYPE_ADD_TOTP_SHARED_SECRET = 76; 782 783 784 785 /** 786 * The operation type that may be used to remove a value from the set of 787 * registered TOTP shared secrets for a user. 788 */ 789 public static final int OP_TYPE_REMOVE_TOTP_SHARED_SECRET = 77; 790 791 792 793 /** 794 * The operation type that may be used to replace the set of registered TOTP 795 * shared secrets for a user. 796 */ 797 public static final int OP_TYPE_SET_TOTP_SHARED_SECRETS = 78; 798 799 800 801 /** 802 * The operation type that may be used to clear the set of TOTP shared secrets 803 * for a user. 804 */ 805 public static final int OP_TYPE_CLEAR_TOTP_SHARED_SECRETS = 79; 806 807 808 809 /** 810 * The operation type that may be used to determine whether a user has one 811 * or more registered YubiKey OTP devices. 812 * shared secret. 813 */ 814 public static final int OP_TYPE_HAS_REGISTERED_YUBIKEY_PUBLIC_ID = 80; 815 816 817 818 /** 819 * The operation type that may be used to determine whether a user has a 820 * static password. 821 */ 822 public static final int OP_TYPE_HAS_STATIC_PASSWORD = 81; 823 824 825 826 /** 827 * The set of values that will be used if there are no values. 828 */ 829 private static final ASN1OctetString[] NO_VALUES = new ASN1OctetString[0]; 830 831 832 833 /** 834 * The serial version UID for this serializable class. 835 */ 836 private static final long serialVersionUID = -7004621958353828598L; 837 838 839 840 // The set of values for this operation. 841 private final ASN1OctetString[] values; 842 843 // The operation type for this operation. 844 private final int opType; 845 846 847 848 /** 849 * Creates a new password policy state operation with the specified operation 850 * type and no values. 851 * 852 * @param opType The operation type for this password policy state 853 * operation. 854 */ 855 public PasswordPolicyStateOperation(final int opType) 856 { 857 this(opType, NO_VALUES); 858 } 859 860 861 862 /** 863 * Creates a new password policy state operation with the specified operation 864 * type and set of values. 865 * 866 * @param opType The operation type for this password policy state 867 * operation. 868 * @param values The set of values for this password policy state operation. 869 */ 870 public PasswordPolicyStateOperation(final int opType, 871 final ASN1OctetString[] values) 872 { 873 this.opType = opType; 874 875 if (values == null) 876 { 877 this.values = NO_VALUES; 878 } 879 else 880 { 881 this.values = values; 882 } 883 } 884 885 886 887 /** 888 * Creates a new password policy state operation that may be used to request 889 * the DN of the password policy configuration entry for the user. The result 890 * returned should include an operation of type 891 * {@link #OP_TYPE_GET_PW_POLICY_DN} with a single string value that is the 892 * DN of the password policy configuration entry. 893 * 894 * @return The created password policy state operation. 895 */ 896 public static PasswordPolicyStateOperation 897 createGetPasswordPolicyDNOperation() 898 { 899 return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_POLICY_DN); 900 } 901 902 903 904 /** 905 * Creates a new password policy state operation that may be used to determine 906 * whether the user account is disabled. The result returned should include 907 * an operation of type {@link #OP_TYPE_GET_ACCOUNT_DISABLED_STATE} with a 908 * single boolean value of {@code true} if the account is disabled, or 909 * {@code false} if the account is not disabled. 910 * 911 * @return The created password policy state operation. 912 */ 913 public static PasswordPolicyStateOperation 914 createGetAccountDisabledStateOperation() 915 { 916 return new PasswordPolicyStateOperation(OP_TYPE_GET_ACCOUNT_DISABLED_STATE); 917 } 918 919 920 921 /** 922 * Creates a new password policy state operation that may be used to specify 923 * whether the user account is disabled. The result returned should include 924 * an operation of type {@link #OP_TYPE_GET_ACCOUNT_DISABLED_STATE} with a 925 * single boolean value of {@code true} if the account has been disabled, or 926 * {@code false} if the account is not disabled. 927 * 928 * @param isDisabled Indicates whether the user account should be disabled. 929 * 930 * @return The created password policy state operation. 931 */ 932 public static PasswordPolicyStateOperation 933 createSetAccountDisabledStateOperation( 934 final boolean isDisabled) 935 { 936 final ASN1OctetString[] values = 937 { 938 new ASN1OctetString(String.valueOf(isDisabled)) 939 }; 940 941 return new PasswordPolicyStateOperation(OP_TYPE_SET_ACCOUNT_DISABLED_STATE, 942 values); 943 } 944 945 946 947 /** 948 * Creates a new password policy state operation that may be used to clear 949 * the user account disabled state in the user's entry. The result returned 950 * should include an operation of type 951 * {@link #OP_TYPE_GET_ACCOUNT_DISABLED_STATE} with a single boolean value of 952 * {@code true} if the account is disabled, or {@code false} if the account is 953 * not disabled. 954 * 955 * @return The created password policy state operation. 956 */ 957 public static PasswordPolicyStateOperation 958 createClearAccountDisabledStateOperation() 959 { 960 return new PasswordPolicyStateOperation( 961 OP_TYPE_CLEAR_ACCOUNT_DISABLED_STATE); 962 } 963 964 965 966 /** 967 * Creates a new password policy state operation that may be used to retrieve 968 * the time that the user's account will become active. The result returned 969 * should include an operation of type 970 * {@link #OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME} with a single string value 971 * that is the generalized time representation of the account activation time, 972 * or a {@code null} value if the account does not have an activation time. 973 * 974 * @return The created password policy state operation. 975 */ 976 public static PasswordPolicyStateOperation 977 createGetAccountActivationTimeOperation() 978 { 979 return new PasswordPolicyStateOperation( 980 OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME); 981 } 982 983 984 985 /** 986 * Creates a new password policy state operation that may be used to set the 987 * time that the user's account expires. The result returned should include 988 * an operation of type {@link #OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME} with a 989 * single string value that is the generalized time representation of the 990 * account activation time, or a {@code null} value if the account does not 991 * have an activation time. 992 * 993 * @param expirationTime The time that the user's account should expire. It 994 * may be {@code null} if the server should use the 995 * current time. 996 * 997 * @return The created password policy state operation. 998 */ 999 public static PasswordPolicyStateOperation 1000 createSetAccountActivationTimeOperation( 1001 final Date expirationTime) 1002 { 1003 return new PasswordPolicyStateOperation(OP_TYPE_SET_ACCOUNT_ACTIVATION_TIME, 1004 createValues(expirationTime)); 1005 } 1006 1007 1008 1009 /** 1010 * Creates a new password policy state operation that may be used to clear 1011 * the account expiration time in the user's entry. The result returned 1012 * should include an operation of type 1013 * {@link #OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME} with a single string value 1014 * that is the generalized time representation of the account activation time, 1015 * or a {@code null} value if the account does not have an activation time. 1016 * 1017 * @return The created password policy state operation. 1018 */ 1019 public static PasswordPolicyStateOperation 1020 createClearAccountActivationTimeOperation() 1021 { 1022 return new PasswordPolicyStateOperation( 1023 OP_TYPE_CLEAR_ACCOUNT_ACTIVATION_TIME); 1024 } 1025 1026 1027 1028 /** 1029 * Creates a new password policy state operation that may be used to determine 1030 * the length of time in seconds until the user's account becomes active. The 1031 * result returned should include an operation of type 1032 * {@link #OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_ACTIVATION} with a single integer 1033 * value representing the number of seconds until the account becomes active, 1034 * or a {@code null} value if the account does not have an activation time. 1035 * 1036 * @return The created password policy state operation. 1037 */ 1038 public static PasswordPolicyStateOperation 1039 createGetSecondsUntilAccountActivationOperation() 1040 { 1041 return new PasswordPolicyStateOperation( 1042 OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_ACTIVATION); 1043 } 1044 1045 1046 1047 /** 1048 * Creates a new password policy state operation that may be used to retrieve 1049 * the time that the user's account expires. The result returned should 1050 * include an operation of type {@link #OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME} 1051 * with a single string value that is the generalized time representation of 1052 * the account expiration time, or a {@code null} value if the account does 1053 * not have an expiration time. 1054 * 1055 * @return The created password policy state operation. 1056 */ 1057 public static PasswordPolicyStateOperation 1058 createGetAccountExpirationTimeOperation() 1059 { 1060 return new PasswordPolicyStateOperation( 1061 OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME); 1062 } 1063 1064 1065 1066 /** 1067 * Creates a new password policy state operation that may be used to set the 1068 * time that the user's account expires. The result returned should include 1069 * an operation of type {@link #OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME} with a 1070 * single string value that is the generalized time representation of the 1071 * account expiration time, or a {@code null} value if the account does not 1072 * have an expiration time. 1073 * 1074 * @param expirationTime The time that the user's account should expire. It 1075 * may be {@code null} if the server should use the 1076 * current time. 1077 * 1078 * @return The created password policy state operation. 1079 */ 1080 public static PasswordPolicyStateOperation 1081 createSetAccountExpirationTimeOperation( 1082 final Date expirationTime) 1083 { 1084 return new PasswordPolicyStateOperation(OP_TYPE_SET_ACCOUNT_EXPIRATION_TIME, 1085 createValues(expirationTime)); 1086 } 1087 1088 1089 1090 /** 1091 * Creates a new password policy state operation that may be used to clear 1092 * the account expiration time in the user's entry. The result returned 1093 * should include an operation of type 1094 * {@link #OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME} with a single string value 1095 * that is the generalized time representation of the account expiration time, 1096 * or a {@code null} value if the account does not have an expiration time. 1097 * 1098 * @return The created password policy state operation. 1099 */ 1100 public static PasswordPolicyStateOperation 1101 createClearAccountExpirationTimeOperation() 1102 { 1103 return new PasswordPolicyStateOperation( 1104 OP_TYPE_CLEAR_ACCOUNT_EXPIRATION_TIME); 1105 } 1106 1107 1108 1109 /** 1110 * Creates a new password policy state operation that may be used to determine 1111 * the length of time in seconds until the user's account is expired. The 1112 * result returned should include an operation of type 1113 * {@link #OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION} with a single integer 1114 * value representing the number of seconds until the account will expire, or 1115 * a {@code null} value if the account does not have an expiration time. 1116 * 1117 * @return The created password policy state operation. 1118 */ 1119 public static PasswordPolicyStateOperation 1120 createGetSecondsUntilAccountExpirationOperation() 1121 { 1122 return new PasswordPolicyStateOperation( 1123 OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION); 1124 } 1125 1126 1127 1128 /** 1129 * Creates a new password policy state operation that may be used to determine 1130 * when the user's password was last changed. The result returned should 1131 * include an operation of type {@link #OP_TYPE_GET_PW_CHANGED_TIME} with a 1132 * single string value that is the generalized time representation of the 1133 * time the password was last changed. 1134 * 1135 * @return The created password policy state operation. 1136 */ 1137 public static PasswordPolicyStateOperation 1138 createGetPasswordChangedTimeOperation() 1139 { 1140 return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_CHANGED_TIME); 1141 } 1142 1143 1144 1145 /** 1146 * Creates a new password policy state operation that may be used to specify 1147 * when the user's password was last changed. The result returned should 1148 * include an operation of type {@link #OP_TYPE_GET_PW_CHANGED_TIME} with a 1149 * single string value that is the generalized time representation of the 1150 * time the password was last changed. 1151 * 1152 * @param passwordChangedTime The time the user's password was last changed. 1153 * It may be {@code null} if the server should 1154 * use the current time. 1155 * 1156 * @return The created password policy state operation. 1157 */ 1158 public static PasswordPolicyStateOperation 1159 createSetPasswordChangedTimeOperation( 1160 final Date passwordChangedTime) 1161 { 1162 return new PasswordPolicyStateOperation(OP_TYPE_SET_PW_CHANGED_TIME, 1163 createValues(passwordChangedTime)); 1164 } 1165 1166 1167 1168 /** 1169 * Creates a new password policy state operation that may be used to clear 1170 * the password changed time from a user's entry. The result returned should 1171 * include an operation of type {@link #OP_TYPE_GET_PW_CHANGED_TIME} with a 1172 * single string value that is the generalized time representation of the 1173 * time the password was last changed, or {@code null} if it can no longer be 1174 * determined. 1175 * 1176 * @return The created password policy state operation. 1177 */ 1178 public static PasswordPolicyStateOperation 1179 createClearPasswordChangedTimeOperation() 1180 { 1181 return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_PW_CHANGED_TIME); 1182 } 1183 1184 1185 1186 /** 1187 * Creates a new password policy state operation that may be used to determine 1188 * when the user first received a password expiration warning. The result 1189 * returned should include an operation of type 1190 * {@link #OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME} with a single string value 1191 * that is the generalized time representation of the time the user received 1192 * the first expiration warning. 1193 * 1194 * @return The created password policy state operation. 1195 */ 1196 public static PasswordPolicyStateOperation 1197 createGetPasswordExpirationWarnedTimeOperation() 1198 { 1199 return new PasswordPolicyStateOperation( 1200 OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME); 1201 } 1202 1203 1204 1205 /** 1206 * Creates a new password policy state operation that may be used to specify 1207 * when the user first received a password expiration warning. The result 1208 * returned should include an operation of type 1209 * {@link #OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME} with a single string value 1210 * that is the generalized time representation of the time the user received 1211 * the first expiration warning. 1212 * 1213 * @param passwordExpirationWarnedTime The password expiration warned time 1214 * for the user. It may be {@code null} 1215 * if the server should use the current 1216 * time. 1217 * 1218 * @return The created password policy state operation. 1219 */ 1220 public static PasswordPolicyStateOperation 1221 createSetPasswordExpirationWarnedTimeOperation( 1222 final Date passwordExpirationWarnedTime) 1223 { 1224 return new PasswordPolicyStateOperation( 1225 OP_TYPE_SET_PW_EXPIRATION_WARNED_TIME, 1226 createValues(passwordExpirationWarnedTime)); 1227 } 1228 1229 1230 1231 /** 1232 * Creates a new password policy state operation that may be used to clear the 1233 * password expiration warned time from the user's entry. The result returned 1234 * should include an operation of type 1235 * {@link #OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME} with a single string value 1236 * that is the generalized time representation of the time the user received 1237 * the first expiration warning. 1238 * 1239 * @return The created password policy state operation. 1240 */ 1241 public static PasswordPolicyStateOperation 1242 createClearPasswordExpirationWarnedTimeOperation() 1243 { 1244 return new PasswordPolicyStateOperation( 1245 OP_TYPE_CLEAR_PW_EXPIRATION_WARNED_TIME); 1246 } 1247 1248 1249 1250 /** 1251 * Creates a new password policy state operation that may be used to determine 1252 * the length of time in seconds until the user's password expires. The 1253 * result returned should include an operation of type 1254 * {@link #OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION} with a single integer 1255 * value that is the number of seconds until the user's password expires, or 1256 * a {@code null} value if the user's password will not expire. 1257 * 1258 * @return The created password policy state operation. 1259 */ 1260 public static PasswordPolicyStateOperation 1261 createGetSecondsUntilPasswordExpirationOperation() 1262 { 1263 return new PasswordPolicyStateOperation( 1264 OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION); 1265 } 1266 1267 1268 1269 /** 1270 * Creates a new password policy state operation that may be used to determine 1271 * the length of time in seconds until the user is eligible to start receiving 1272 * password expiration warnings. The result returned should include an 1273 * operation of type {@link #OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION_WARNING} 1274 * with a single integer value that is the number of seconds until the user is 1275 * eligible to receive the first expiration warning, or a {@code null} value 1276 * if the user's password will not expire. 1277 * 1278 * @return The created password policy state operation. 1279 */ 1280 public static PasswordPolicyStateOperation 1281 createGetSecondsUntilPasswordExpirationWarningOperation() 1282 { 1283 return new PasswordPolicyStateOperation( 1284 OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION_WARNING); 1285 } 1286 1287 1288 1289 /** 1290 * Creates a new password policy state operation that may be used to retrieve 1291 * the times that the user has unsuccessfully tried to authenticate since the 1292 * last successful authentication. The result returned should include an 1293 * operation of type {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} with an array of 1294 * string values representing the timestamps (in generalized time format) of 1295 * the authentication failures. 1296 * 1297 * @return The created password policy state operation. 1298 */ 1299 public static PasswordPolicyStateOperation 1300 createGetAuthenticationFailureTimesOperation() 1301 { 1302 return new PasswordPolicyStateOperation(OP_TYPE_GET_AUTH_FAILURE_TIMES); 1303 } 1304 1305 1306 1307 /** 1308 * Creates a new password policy state operation that may be used to add the 1309 * current time to the set of times that the user has unsuccessfully tried to 1310 * authenticate since the last successful authentication. The result returned 1311 * should include an operation of type {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} 1312 * with an array of string values representing the timestamps (in generalized 1313 * time format) of the authentication failures. 1314 * 1315 * @return The created password policy state operation. 1316 */ 1317 public static PasswordPolicyStateOperation 1318 createAddAuthenticationFailureTimeOperation() 1319 { 1320 return createAddAuthenticationFailureTimeOperation(null); 1321 } 1322 1323 1324 1325 /** 1326 * Creates a new password policy state operation that may be used to add the 1327 * specified values to the set of times that the user has unsuccessfully tried 1328 * to authenticate since the last successful authentication. The result 1329 * returned should include an operation of type 1330 * {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} with an array of string values 1331 * representing the timestamps (in generalized time format) of the 1332 * authentication failures. 1333 * 1334 * @param authFailureTimes The set of authentication failure time values to 1335 * add. It may be {@code null} or empty if the 1336 * server should add the current time. 1337 * 1338 * @return The created password policy state operation. 1339 */ 1340 public static PasswordPolicyStateOperation 1341 createAddAuthenticationFailureTimeOperation( 1342 final Date[] authFailureTimes) 1343 { 1344 return new PasswordPolicyStateOperation(OP_TYPE_ADD_AUTH_FAILURE_TIME, 1345 createValues(authFailureTimes)); 1346 } 1347 1348 1349 1350 /** 1351 * Creates a new password policy state operation that may be used to specify 1352 * the set of times that the user has unsuccessfully tried to authenticate 1353 * since the last successful authentication. The result returned should 1354 * include an operation of type {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} with 1355 * an array of string values representing the timestamps (in generalized time 1356 * format) of the authentication failures. 1357 * 1358 * @param authFailureTimes The set of times that the user has unsuccessfully 1359 * tried to authenticate since the last successful 1360 * authentication. It may be {@code null} or empty 1361 * if the server should use the current time as the 1362 * only failure time. 1363 * 1364 * @return The created password policy state operation. 1365 */ 1366 public static PasswordPolicyStateOperation 1367 createSetAuthenticationFailureTimesOperation( 1368 final Date[] authFailureTimes) 1369 { 1370 return new PasswordPolicyStateOperation(OP_TYPE_SET_AUTH_FAILURE_TIMES, 1371 createValues(authFailureTimes)); 1372 } 1373 1374 1375 1376 /** 1377 * Creates a new password policy state operation that may be used to clear the 1378 * set of times that the user has unsuccessfully tried to authenticate since 1379 * the last successful authentication. The result returned should include an 1380 * operation of type {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} with an array of 1381 * string values representing the timestamps (in generalized time format) of 1382 * the authentication failures. 1383 * 1384 * @return The created password policy state operation. 1385 */ 1386 public static PasswordPolicyStateOperation 1387 createClearAuthenticationFailureTimesOperation() 1388 { 1389 return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_AUTH_FAILURE_TIMES); 1390 } 1391 1392 1393 1394 /** 1395 * Creates a new password policy state operation that may be used to determine 1396 * the length of time in seconds until the user's account is automatically 1397 * unlocked after too many failed authentication attempts. The result 1398 * returned should include an operation of type 1399 * {@link #OP_TYPE_GET_SECONDS_UNTIL_AUTH_FAILURE_UNLOCK} with a single 1400 * integer value that represents the number of seconds until the account 1401 * becomes unlocked, or a {@code null} value if the account is not temporarily 1402 * locked as a result of authentication failures. 1403 * 1404 * @return The created password policy state operation. 1405 */ 1406 public static PasswordPolicyStateOperation 1407 createGetSecondsUntilAuthenticationFailureUnlockOperation() 1408 { 1409 return new PasswordPolicyStateOperation( 1410 OP_TYPE_GET_SECONDS_UNTIL_AUTH_FAILURE_UNLOCK); 1411 } 1412 1413 1414 1415 /** 1416 * Creates a new password policy state operation that may be used to determine 1417 * the number of authentication failures required to lock the user's account. 1418 * The result returned should include an operation of type 1419 * {@link #OP_TYPE_GET_REMAINING_AUTH_FAILURE_COUNT} with a single integer 1420 * value that represents the number of authentication failures that a user 1421 * will be permitted before the account is locked, or a {@code null} value if 1422 * the password policy is not configured to lock accounts as a result of too 1423 * many failed authentication attempts. 1424 * 1425 * @return The created password policy state operation. 1426 */ 1427 public static PasswordPolicyStateOperation 1428 createGetRemainingAuthenticationFailureCountOperation() 1429 { 1430 return new PasswordPolicyStateOperation( 1431 OP_TYPE_GET_REMAINING_AUTH_FAILURE_COUNT); 1432 } 1433 1434 1435 1436 /** 1437 * Creates a new password policy state operation that may be used to determine 1438 * the time that the user last successfully authenticated to the server. The 1439 * result returned should include an operation of type 1440 * {@link #OP_TYPE_GET_LAST_LOGIN_TIME} with a single string value that is 1441 * the generalized time representation of the user's last login time, or a 1442 * {@code null} value if no last login time is available. 1443 * 1444 * @return The created password policy state operation. 1445 */ 1446 public static PasswordPolicyStateOperation createGetLastLoginTimeOperation() 1447 { 1448 return new PasswordPolicyStateOperation(OP_TYPE_GET_LAST_LOGIN_TIME); 1449 } 1450 1451 1452 1453 /** 1454 * Creates a new password policy state operation that may be used to set 1455 * the time that the user last successfully authenticated to the server. The 1456 * result returned should include an operation of type 1457 * {@link #OP_TYPE_GET_LAST_LOGIN_TIME} with a single string value that is 1458 * the generalized time representation of the user's last login time, or a 1459 * {@code null} value if no last login time is available. 1460 * 1461 * @param lastLoginTime The last login time to set in the user's entry. It 1462 * may be {@code null} if the server should use the 1463 * current time. 1464 * 1465 * @return The created password policy state operation. 1466 */ 1467 public static PasswordPolicyStateOperation 1468 createSetLastLoginTimeOperation(final Date lastLoginTime) 1469 { 1470 return new PasswordPolicyStateOperation(OP_TYPE_SET_LAST_LOGIN_TIME, 1471 createValues(lastLoginTime)); 1472 } 1473 1474 1475 1476 /** 1477 * Creates a new password policy state operation that may be used to clear 1478 * the last login time from the user's entry. The result returned should 1479 * include an operation of type {@link #OP_TYPE_GET_LAST_LOGIN_TIME} with a 1480 * single string value that is the generalized time representation of the 1481 * user's last login time, or a {@code null} value if no last login time is 1482 * available. 1483 * 1484 * @return The created password policy state operation. 1485 */ 1486 public static PasswordPolicyStateOperation createClearLastLoginTimeOperation() 1487 { 1488 return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_LAST_LOGIN_TIME); 1489 } 1490 1491 1492 1493 /** 1494 * Creates a new password policy state operation that may be used to determine 1495 * the IP address from which the user last successfully authenticated to the 1496 * server. The result returned should include an operation of type 1497 * {@link #OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS} with a single string value that 1498 * is the user's last login IP address, or a {@code null} value if no last 1499 * login IP address is available. 1500 * 1501 * @return The created password policy state operation. 1502 */ 1503 public static PasswordPolicyStateOperation 1504 createGetLastLoginIPAddressOperation() 1505 { 1506 return new PasswordPolicyStateOperation(OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS); 1507 } 1508 1509 1510 1511 /** 1512 * Creates a new password policy state operation that may be used to set 1513 * the IP address from which the user last successfully authenticated to the 1514 * server. The result returned should include an operation of type 1515 * {@link #OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS} with a single string value that 1516 * is the user's last login IP address, or a {@code null} value if no last 1517 * login IP address is available. 1518 * 1519 * @param lastLoginIPAddress The last login IP address to set in the user's 1520 * entry. It must not be {@code null}. 1521 * 1522 * @return The created password policy state operation. 1523 */ 1524 public static PasswordPolicyStateOperation 1525 createSetLastLoginIPAddressOperation( 1526 final String lastLoginIPAddress) 1527 { 1528 final ASN1OctetString[] values = 1529 { 1530 new ASN1OctetString(lastLoginIPAddress) 1531 }; 1532 1533 return new PasswordPolicyStateOperation(OP_TYPE_SET_LAST_LOGIN_IP_ADDRESS, 1534 values); 1535 } 1536 1537 1538 1539 /** 1540 * Creates a new password policy state operation that may be used to clear 1541 * the last login IP address from the user's entry. The result returned 1542 * should include an operation of type 1543 * {@link #OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS} with a single string value that 1544 * is the user's last login IP address, or a {@code null} value if no last 1545 * login IP address is available. 1546 * 1547 * @return The created password policy state operation. 1548 */ 1549 public static PasswordPolicyStateOperation 1550 createClearLastLoginIPAddressOperation() 1551 { 1552 return new PasswordPolicyStateOperation( 1553 OP_TYPE_CLEAR_LAST_LOGIN_IP_ADDRESS); 1554 } 1555 1556 1557 1558 /** 1559 * Creates a new password policy state operation that may be used to determine 1560 * the length of time in seconds until the user's account is locked due to 1561 * inactivity. The result returned should include an operation of type 1562 * {@link #OP_TYPE_GET_SECONDS_UNTIL_IDLE_LOCKOUT} with a single integer value 1563 * that represents the number of seconds until the user's account is locked as 1564 * a result of being idle for too long, or a {@code null} value if no idle 1565 * account lockout is configured. 1566 * 1567 * @return The created password policy state operation. 1568 */ 1569 public static PasswordPolicyStateOperation 1570 createGetSecondsUntilIdleLockoutOperation() 1571 { 1572 return new PasswordPolicyStateOperation( 1573 OP_TYPE_GET_SECONDS_UNTIL_IDLE_LOCKOUT); 1574 } 1575 1576 1577 1578 /** 1579 * Creates a new password policy state operation that may be used to determine 1580 * whether the user's password has been reset by an administrator and must be 1581 * changed before performing any other operations. The result returned should 1582 * include an operation of type {@link #OP_TYPE_GET_PW_RESET_STATE} with a 1583 * single boolean value of {@code true} if the user's password must be changed 1584 * before the account can be used, or {@code false} if not. 1585 * 1586 * @return The created password policy state operation. 1587 */ 1588 public static PasswordPolicyStateOperation 1589 createGetPasswordResetStateOperation() 1590 { 1591 return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_RESET_STATE); 1592 } 1593 1594 1595 1596 /** 1597 * Creates a new password policy state operation that may be used to specify 1598 * whether the user's password has been reset by an administrator and must be 1599 * changed before performing any other operations. The result returned should 1600 * include an operation of type {@link #OP_TYPE_GET_PW_RESET_STATE} with a 1601 * single boolean value of {@code true} if the user's password must be changed 1602 * before the account can be used, or {@code false} if not. 1603 * 1604 * @param isReset Specifies whether the user's password must be changed 1605 * before performing any other operations. 1606 * 1607 * @return The created password policy state operation. 1608 */ 1609 public static PasswordPolicyStateOperation 1610 createSetPasswordResetStateOperation(final boolean isReset) 1611 { 1612 final ASN1OctetString[] values = 1613 { 1614 new ASN1OctetString(String.valueOf(isReset)) 1615 }; 1616 1617 return new PasswordPolicyStateOperation(OP_TYPE_SET_PW_RESET_STATE, values); 1618 } 1619 1620 1621 1622 /** 1623 * Creates a new password policy state operation that may be used to clear the 1624 * password reset state information in the user's entry. The result returned 1625 * should include an operation of type {@link #OP_TYPE_GET_PW_RESET_STATE} 1626 * with a single boolean value of {@code true} if the user's password must be 1627 * changed before the account can be used, or {@code false} if not. 1628 * 1629 * @return The created password policy state operation. 1630 */ 1631 public static PasswordPolicyStateOperation 1632 createClearPasswordResetStateOperation() 1633 { 1634 return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_PW_RESET_STATE); 1635 } 1636 1637 1638 1639 /** 1640 * Creates a new password policy state operation that may be used to determine 1641 * the length of time in seconds that the user has left to change his/her 1642 * password after an administrative reset before the account is locked. The 1643 * result returned should include an operation of type 1644 * {@link #OP_TYPE_GET_SECONDS_UNTIL_PW_RESET_LOCKOUT} with a single integer 1645 * value that represents the number of seconds until the user's account will 1646 * be locked unless the password is reset, or a {@code null} value if the 1647 * user's password is not in a "must change" state. 1648 * 1649 * @return The created password policy state operation. 1650 */ 1651 public static PasswordPolicyStateOperation 1652 createGetSecondsUntilPasswordResetLockoutOperation() 1653 { 1654 return new PasswordPolicyStateOperation( 1655 OP_TYPE_GET_SECONDS_UNTIL_PW_RESET_LOCKOUT); 1656 } 1657 1658 1659 1660 /** 1661 * Creates a new password policy state operation that may be used to retrieve 1662 * the set of times that the user has authenticated using grace logins since 1663 * his/her password expired. The result returned should include an operation 1664 * of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES} with an array of string 1665 * values in generalized time format. 1666 * 1667 * @return The created password policy state operation. 1668 */ 1669 public static PasswordPolicyStateOperation 1670 createGetGraceLoginUseTimesOperation() 1671 { 1672 return new PasswordPolicyStateOperation(OP_TYPE_GET_GRACE_LOGIN_USE_TIMES); 1673 } 1674 1675 1676 1677 /** 1678 * Creates a new password policy state operation that may be used to add the 1679 * current time to the set of times that the user has authenticated using 1680 * grace logins since his/her password expired. The result returned should 1681 * include an operation of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES} 1682 * with an array of string values in generalized time format. 1683 * 1684 * @return The created password policy state operation. 1685 */ 1686 public static PasswordPolicyStateOperation 1687 createAddGraceLoginUseTimeOperation() 1688 { 1689 return createAddGraceLoginUseTimeOperation(null); 1690 } 1691 1692 1693 1694 /** 1695 * Creates a new password policy state operation that may be used to add the 1696 * current time to the set of times that the user has authenticated using 1697 * grace logins since his/her password expired. The result returned should 1698 * include an operation of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES} 1699 * with an array of string values in generalized time format. 1700 * 1701 * @param graceLoginUseTimes The set of grace login use times to add. It 1702 * may be {@code null} or empty if the server 1703 * should add the current time to the set of grace 1704 * login times. 1705 * 1706 * @return The created password policy state operation. 1707 */ 1708 public static PasswordPolicyStateOperation 1709 createAddGraceLoginUseTimeOperation( 1710 final Date[] graceLoginUseTimes) 1711 { 1712 return new PasswordPolicyStateOperation(OP_TYPE_ADD_GRACE_LOGIN_USE_TIME, 1713 createValues(graceLoginUseTimes)); 1714 } 1715 1716 1717 1718 /** 1719 * Creates a new password policy state operation that may be used to specify 1720 * the set of times that the user has authenticated using grace logins since 1721 * his/her password expired. The result returned should include an operation 1722 * of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES} with an array of string 1723 * values in generalized time format. 1724 * 1725 * @param graceLoginUseTimes The set of times that the user has 1726 * authenticated using grace logins since his/her 1727 * password expired. It amy be {@code null} or 1728 * empty if the server should use the current time 1729 * as the only grace login use time. 1730 * 1731 * @return The created password policy state operation. 1732 */ 1733 public static PasswordPolicyStateOperation 1734 createSetGraceLoginUseTimesOperation( 1735 final Date[] graceLoginUseTimes) 1736 { 1737 return new PasswordPolicyStateOperation(OP_TYPE_SET_GRACE_LOGIN_USE_TIMES, 1738 createValues(graceLoginUseTimes)); 1739 } 1740 1741 1742 1743 /** 1744 * Creates a new password policy state operation that may be used to clear 1745 * the set of times that the user has authenticated using grace logins since 1746 * his/her password expired. The result returned should include an operation 1747 * of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES} with an array of string 1748 * values in generalized time format. 1749 * 1750 * @return The created password policy state operation. 1751 */ 1752 public static PasswordPolicyStateOperation 1753 createClearGraceLoginUseTimesOperation() 1754 { 1755 return new PasswordPolicyStateOperation( 1756 OP_TYPE_CLEAR_GRACE_LOGIN_USE_TIMES); 1757 } 1758 1759 1760 1761 /** 1762 * Creates a new password policy state operation that may be used to retrieve 1763 * the number of remaining grace logins available to the user. The result 1764 * returned should include an operation of type 1765 * {@link #OP_TYPE_GET_REMAINING_GRACE_LOGIN_COUNT} with a single integer 1766 * value that represents the number of remaining grace logins, or a 1767 * {@code null} value if grace login functionality is not enabled for the 1768 * user. 1769 * 1770 * @return The created password policy state operation. 1771 */ 1772 public static PasswordPolicyStateOperation 1773 createGetRemainingGraceLoginCountOperation() 1774 { 1775 return new PasswordPolicyStateOperation( 1776 OP_TYPE_GET_REMAINING_GRACE_LOGIN_COUNT); 1777 } 1778 1779 1780 1781 /** 1782 * Creates a new password policy state operation that may be used to retrieve 1783 * the last required password change time that with which the user has 1784 * complied. The result returned should include an operation of type 1785 * {@link #OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME} with a single string 1786 * value that is the generalized time representation of the most recent 1787 * required password change time with which the user complied, or a 1788 * {@code null} value if this is not available for the user. 1789 * 1790 * @return The created password policy state operation. 1791 */ 1792 public static PasswordPolicyStateOperation 1793 createGetPasswordChangedByRequiredTimeOperation() 1794 { 1795 return new PasswordPolicyStateOperation( 1796 OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME); 1797 } 1798 1799 1800 1801 /** 1802 * Creates a new password policy state operation that may be used to update 1803 * the user's entry to indicate that he/she has complied with the required 1804 * password change time. The result returned should include an operation of 1805 * type {@link #OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME} with a single string 1806 * value that is the generalized time representation of the most recent 1807 * required password change time with which the user complied, or a 1808 * {@code null} value if this is not available for the user. 1809 * 1810 * @return The created password policy state operation. 1811 */ 1812 public static PasswordPolicyStateOperation 1813 createSetPasswordChangedByRequiredTimeOperation() 1814 { 1815 return createSetPasswordChangedByRequiredTimeOperation(null); 1816 } 1817 1818 1819 1820 /** 1821 * Creates a new password policy state operation that may be used to update 1822 * the user's entry to indicate that he/she has complied with the required 1823 * password change time. The result returned should include an operation of 1824 * type {@link #OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME} with a single string 1825 * value that is the generalized time representation of the most recent 1826 * required password change time with which the user complied, or a 1827 * {@code null} value if this is not available for the user. 1828 * 1829 * @param requiredTime The required password changed time with which the 1830 * user has complied. It may be {@code null} if the 1831 * server should use the most recent required change 1832 * time. 1833 * 1834 * @return The created password policy state operation. 1835 */ 1836 public static PasswordPolicyStateOperation 1837 createSetPasswordChangedByRequiredTimeOperation( 1838 final Date requiredTime) 1839 { 1840 return new PasswordPolicyStateOperation( 1841 OP_TYPE_SET_PW_CHANGED_BY_REQUIRED_TIME, createValues(requiredTime)); 1842 } 1843 1844 1845 1846 /** 1847 * Creates a new password policy state operation that may be used to clear 1848 * the last required password change time from the user's entry. The result 1849 * returned should include an operation of type 1850 * {@link #OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME} with a single string value 1851 * that is the generalized time representation of the most recent required 1852 * password change time with which the user complied, or a {@code null} value 1853 * if this is not available for the user. 1854 * 1855 * @return The created password policy state operation. 1856 */ 1857 public static PasswordPolicyStateOperation 1858 createClearPasswordChangedByRequiredTimeOperation() 1859 { 1860 return new PasswordPolicyStateOperation( 1861 OP_TYPE_CLEAR_PW_CHANGED_BY_REQUIRED_TIME); 1862 } 1863 1864 1865 1866 /** 1867 * Creates a new password policy state operation that may be used to retrieve 1868 * the length of time in seconds until the required password change time 1869 * arrives. The result returned should include an operation of type 1870 * {@link #OP_TYPE_GET_SECONDS_UNTIL_REQUIRED_CHANGE_TIME} with a single 1871 * integer value that represents the number of seconds before the user will 1872 * be required to change his/her password as a result of the 1873 * require-change-by-time property, or a {@code null} value if the user is 1874 * not required to change their password for this reason. 1875 * 1876 * @return The created password policy state operation. 1877 */ 1878 public static PasswordPolicyStateOperation 1879 createGetSecondsUntilRequiredChangeTimeOperation() 1880 { 1881 return new PasswordPolicyStateOperation( 1882 OP_TYPE_GET_SECONDS_UNTIL_REQUIRED_CHANGE_TIME); 1883 } 1884 1885 1886 1887 /** 1888 * Creates a new password policy state operation that may be used to retrieve 1889 * the password history values stored in the user's entry. The result 1890 * returned should include an operation of type 1891 * {@link #OP_TYPE_GET_PW_HISTORY} with an array of strings representing the 1892 * user's password history content. 1893 * 1894 * @return The created password policy state operation. 1895 * 1896 * @deprecated This method has been deprecated in favor of the 1897 * {@link #createGetPasswordHistoryCountOperation} method. 1898 */ 1899 @Deprecated() 1900 @SuppressWarnings("deprecation") 1901 public static PasswordPolicyStateOperation createGetPasswordHistoryOperation() 1902 { 1903 return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_HISTORY); 1904 } 1905 1906 1907 1908 /** 1909 * Creates a new password policy state operation that may be used to clear the 1910 * password history values stored in the user's entry. The result returned 1911 * should include an operation of type {@link #OP_TYPE_GET_PW_HISTORY} with an 1912 * array of strings representing the user's password history content. 1913 * 1914 * @return The created password policy state operation. 1915 */ 1916 public static PasswordPolicyStateOperation 1917 createClearPasswordHistoryOperation() 1918 { 1919 return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_PW_HISTORY); 1920 } 1921 1922 1923 1924 /** 1925 * Creates a new password policy state operation that may be used to determine 1926 * whether the user has a valid retired password. The result returned should 1927 * include an operation of type {@link #OP_TYPE_HAS_RETIRED_PASSWORD} with a 1928 * single boolean value of {@code true} if the user has a valid retired 1929 * password, or {@code false} if not. 1930 * 1931 * @return The created password policy state operation. 1932 */ 1933 public static PasswordPolicyStateOperation createHasRetiredPasswordOperation() 1934 { 1935 return new PasswordPolicyStateOperation(OP_TYPE_HAS_RETIRED_PASSWORD); 1936 } 1937 1938 1939 1940 /** 1941 * Creates a new password policy state operation that may be used to determine 1942 * the time that the user's former password was retired. The result returned 1943 * should include an operation of type 1944 * {@link #OP_TYPE_GET_PASSWORD_RETIRED_TIME} with a single string value that 1945 * is the generalized time representation of the time the user's former 1946 * password was retired, or a {@code null} value if the user does not have a 1947 * valid retired password. 1948 * 1949 * @return The created password policy state operation. 1950 */ 1951 public static PasswordPolicyStateOperation 1952 createGetPasswordRetiredTimeOperation() 1953 { 1954 return new PasswordPolicyStateOperation(OP_TYPE_GET_PASSWORD_RETIRED_TIME); 1955 } 1956 1957 1958 1959 /** 1960 * Creates a new password policy state operation that may be used to determine 1961 * the length of time until the user's retired password expires. The result 1962 * returned should include an operation of type 1963 * {@link #OP_TYPE_GET_RETIRED_PASSWORD_EXPIRATION_TIME} with a single string 1964 * value that is the generalized time representation of the time the user's 1965 * retired password will cease to be valid, or a {@code null} value if the 1966 * user does not have a valid retired password. 1967 * 1968 * @return The created password policy state operation. 1969 */ 1970 public static PasswordPolicyStateOperation 1971 createGetRetiredPasswordExpirationTimeOperation() 1972 { 1973 return new PasswordPolicyStateOperation( 1974 OP_TYPE_GET_RETIRED_PASSWORD_EXPIRATION_TIME); 1975 } 1976 1977 1978 1979 /** 1980 * Creates a new password policy state operation that may be used to purge 1981 * any retired password from the user's entry. The result returned should 1982 * include an operation of type {@link #OP_TYPE_HAS_RETIRED_PASSWORD} with a 1983 * single boolean value of {@code true} if the user has a valid retired 1984 * password, or {@code false} if not. 1985 * 1986 * @return The created password policy state operation. 1987 */ 1988 public static PasswordPolicyStateOperation 1989 createPurgeRetiredPasswordOperation() 1990 { 1991 return new PasswordPolicyStateOperation(OP_TYPE_PURGE_RETIRED_PASSWORD); 1992 } 1993 1994 1995 1996 /** 1997 * Creates a new password policy state operation that may be used to retrieve 1998 * information about any password policy state notices pertaining to the 1999 * usability of the user's account. The result returned should include an 2000 * operation of type {@link #OP_TYPE_GET_ACCOUNT_USABILITY_NOTICES} with an 2001 * array of strings that represent 2002 * {@link PasswordPolicyStateAccountUsabilityWarning} values. 2003 * 2004 * @return The created password policy state operation. 2005 */ 2006 public static PasswordPolicyStateOperation 2007 createGetAccountUsabilityNoticesOperation() 2008 { 2009 return new PasswordPolicyStateOperation( 2010 OP_TYPE_GET_ACCOUNT_USABILITY_NOTICES); 2011 } 2012 2013 2014 2015 /** 2016 * Creates a new password policy state operation that may be used to retrieve 2017 * information about any password policy state warnings that may impact the 2018 * usability of the user's account. The result returned should include an 2019 * operation of type {@link #OP_TYPE_GET_ACCOUNT_USABILITY_WARNINGS} with an 2020 * array of strings that represent 2021 * {@link PasswordPolicyStateAccountUsabilityWarning} values. 2022 * 2023 * @return The created password policy state operation. 2024 */ 2025 public static PasswordPolicyStateOperation 2026 createGetAccountUsabilityWarningsOperation() 2027 { 2028 return new PasswordPolicyStateOperation( 2029 OP_TYPE_GET_ACCOUNT_USABILITY_WARNINGS); 2030 } 2031 2032 2033 2034 /** 2035 * Creates a new password policy state operation that may be used to retrieve 2036 * information about any password policy state errors that may impact the 2037 * usability of the user's account. The result returned should include an 2038 * operation of type {@link #OP_TYPE_GET_ACCOUNT_USABILITY_ERRORS} with an 2039 * array of strings that represent 2040 * {@link PasswordPolicyStateAccountUsabilityError} values. 2041 * 2042 * @return The created password policy state operation. 2043 */ 2044 public static PasswordPolicyStateOperation 2045 createGetAccountUsabilityErrorsOperation() 2046 { 2047 return new PasswordPolicyStateOperation( 2048 OP_TYPE_GET_ACCOUNT_USABILITY_ERRORS); 2049 } 2050 2051 2052 2053 /** 2054 * Creates a new password policy state operation that may be used to determine 2055 * whether an account is usable (i.e., the account will be allowed to 2056 * authenticate and/or be used as an alternate authorization identity. The 2057 * result returned should include an operation of type 2058 * {@link #OP_TYPE_GET_ACCOUNT_IS_USABLE} with a single boolean value that 2059 * indicates whether the account is usable. 2060 * 2061 * @return The created password policy state operation. 2062 */ 2063 public static PasswordPolicyStateOperation 2064 createGetAccountIsUsableOperation() 2065 { 2066 return new PasswordPolicyStateOperation(OP_TYPE_GET_ACCOUNT_IS_USABLE); 2067 } 2068 2069 2070 2071 /** 2072 * Creates a new password policy state operation that may be used to determine 2073 * whether an account has an activation time that is in the future. The 2074 * result returned should include an operation of type 2075 * {@link #OP_TYPE_GET_ACCOUNT_IS_NOT_YET_ACTIVE} with a single boolean value 2076 * that indicates whether the account is not yet active. 2077 * 2078 * @return The created password policy state operation. 2079 */ 2080 public static PasswordPolicyStateOperation 2081 createGetAccountIsNotYetActiveOperation() 2082 { 2083 return new PasswordPolicyStateOperation( 2084 OP_TYPE_GET_ACCOUNT_IS_NOT_YET_ACTIVE); 2085 } 2086 2087 2088 2089 /** 2090 * Creates a new password policy state operation that may be used to determine 2091 * whether an account has an expiration time that is in the past. The result 2092 * returned should include an operation of type 2093 * {@link #OP_TYPE_GET_ACCOUNT_IS_EXPIRED} with a single boolean value that 2094 * indicates whether the account is expired. 2095 * 2096 * @return The created password policy state operation. 2097 */ 2098 public static PasswordPolicyStateOperation 2099 createGetAccountIsExpiredOperation() 2100 { 2101 return new PasswordPolicyStateOperation(OP_TYPE_GET_ACCOUNT_IS_EXPIRED); 2102 } 2103 2104 2105 2106 /** 2107 * Creates a new password policy state operation that may be used to determine 2108 * when a user's password is expected to expire. The result returned should 2109 * include an operation of type {@link #OP_TYPE_GET_PW_EXPIRATION_TIME} with a 2110 * single string value that is the generalized time representation of the 2111 * password expiration time. 2112 * 2113 * @return The created password policy state operation. 2114 */ 2115 public static PasswordPolicyStateOperation 2116 createGetPasswordExpirationTimeOperation() 2117 { 2118 return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_EXPIRATION_TIME); 2119 } 2120 2121 2122 2123 /** 2124 * Creates a new password policy state operation that may be used to determine 2125 * whether an account has been locked because of too many failed 2126 * authentication attempts. The result returned should include an operation 2127 * of type {@link #OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED} with a single 2128 * boolean value that indicates whether the account is failure locked. 2129 * 2130 * @return The created password policy state operation. 2131 */ 2132 public static PasswordPolicyStateOperation 2133 createGetAccountIsFailureLockedOperation() 2134 { 2135 return new PasswordPolicyStateOperation( 2136 OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED); 2137 } 2138 2139 2140 2141 /** 2142 * Creates a new password policy state operation that may be used to specify 2143 * whether an account should be locked because of too many failed 2144 * authentication attempts. The result returned should include an operation 2145 * of type {@link #OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED} with a single 2146 * boolean value that indicates whether the account is failure locked. 2147 * 2148 * @param isFailureLocked Indicates whether the account should be locked 2149 * because of too many failed attempts. 2150 * 2151 * @return The created password policy state operation. 2152 */ 2153 public static PasswordPolicyStateOperation 2154 createSetAccountIsFailureLockedOperation( 2155 final boolean isFailureLocked) 2156 { 2157 final ASN1OctetString[] values = 2158 { 2159 new ASN1OctetString(String.valueOf(isFailureLocked)) 2160 }; 2161 2162 return new PasswordPolicyStateOperation( 2163 OP_TYPE_SET_ACCOUNT_IS_FAILURE_LOCKED, values); 2164 } 2165 2166 2167 2168 /** 2169 * Creates a new password policy state operation that may be used to determine 2170 * when a user's password is was locked because of too many failed 2171 * authentication attempts. The result returned should include an operation 2172 * of type {@link #OP_TYPE_GET_FAILURE_LOCKOUT_TIME} with a single string 2173 * value that is the generalized time representation of the failure lockout 2174 * time. 2175 * 2176 * @return The created password policy state operation. 2177 */ 2178 public static PasswordPolicyStateOperation 2179 createGetFailureLockoutTimeOperation() 2180 { 2181 return new PasswordPolicyStateOperation(OP_TYPE_GET_FAILURE_LOCKOUT_TIME); 2182 } 2183 2184 2185 2186 /** 2187 * Creates a new password policy state operation that may be used to determine 2188 * whether an account has been locked because it has remained idle for too 2189 * long. The result returned should include an operation of type 2190 * {@link #OP_TYPE_GET_ACCOUNT_IS_IDLE_LOCKED} with a single boolean value 2191 * that indicates whether the account is idle locked. 2192 * 2193 * @return The created password policy state operation. 2194 */ 2195 public static PasswordPolicyStateOperation 2196 createGetAccountIsIdleLockedOperation() 2197 { 2198 return new PasswordPolicyStateOperation(OP_TYPE_GET_ACCOUNT_IS_IDLE_LOCKED); 2199 } 2200 2201 2202 2203 /** 2204 * Creates a new password policy state operation that may be used to determine 2205 * when a user's password is was locked because of the idle account lockout. 2206 * The result returned should include an operation of type 2207 * {@link #OP_TYPE_GET_IDLE_LOCKOUT_TIME} with a single string value that is 2208 * the generalized time representation of the idle lockout time. 2209 * 2210 * @return The created password policy state operation. 2211 */ 2212 public static PasswordPolicyStateOperation 2213 createGetIdleLockoutTimeOperation() 2214 { 2215 return new PasswordPolicyStateOperation(OP_TYPE_GET_IDLE_LOCKOUT_TIME); 2216 } 2217 2218 2219 2220 /** 2221 * Creates a new password policy state operation that may be used to determine 2222 * whether an account has been locked because the user failed to change their 2223 * password in a timely manner after an administrative reset. The result 2224 * returned should include an operation of type 2225 * {@link #OP_TYPE_GET_ACCOUNT_IS_RESET_LOCKED} with a single boolean value 2226 * that indicates whether the account is reset locked. 2227 * 2228 * @return The created password policy state operation. 2229 */ 2230 public static PasswordPolicyStateOperation 2231 createGetAccountIsResetLockedOperation() 2232 { 2233 return new PasswordPolicyStateOperation( 2234 OP_TYPE_GET_ACCOUNT_IS_RESET_LOCKED); 2235 } 2236 2237 2238 2239 /** 2240 * Creates a new password policy state operation that may be used to determine 2241 * when a user's password is was locked because the user failed to change 2242 * their password in a timely manner after an administrative reset. The 2243 * result returned should include an operation of type 2244 * {@link #OP_TYPE_GET_RESET_LOCKOUT_TIME} with a single string value that is 2245 * the generalized time representation of the reset lockout time. 2246 * 2247 * @return The created password policy state operation. 2248 */ 2249 public static PasswordPolicyStateOperation 2250 createGetResetLockoutTimeOperation() 2251 { 2252 return new PasswordPolicyStateOperation(OP_TYPE_GET_RESET_LOCKOUT_TIME); 2253 } 2254 2255 2256 2257 /** 2258 * Creates a new password policy state operation that may be used to retrieve 2259 * the number of passwords currently held in a user's password history. The 2260 * result returned should include an operation of type 2261 * {@link #OP_TYPE_GET_PW_HISTORY_COUNT} with a single integer value that 2262 * represents the number of passwords in the history, or a {@code null} value 2263 * if a password history is not enabled for the user. 2264 * 2265 * @return The created password policy state operation. 2266 */ 2267 public static PasswordPolicyStateOperation 2268 createGetPasswordHistoryCountOperation() 2269 { 2270 return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_HISTORY_COUNT); 2271 } 2272 2273 2274 2275 /** 2276 * Creates a new password policy state operation that may be used to determine 2277 * whether a user's password is expired. The result returned should include 2278 * an operation of type {@link #OP_TYPE_GET_PW_IS_EXPIRED} with a single 2279 * Boolean value that indicates whether the password is expired, or a 2280 * {@code null} value if password expiration is not enabled for the user. 2281 * 2282 * @return The created password policy state operation. 2283 */ 2284 public static PasswordPolicyStateOperation 2285 createGetPasswordIsExpiredOperation() 2286 { 2287 return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_IS_EXPIRED); 2288 } 2289 2290 2291 2292 /** 2293 * Creates a new password policy state operation that may be used to retrieve 2294 * a list of the SASL mechanisms that are available for a user. This will 2295 * take into consideration the server's configuration, the types of 2296 * credentials that a user has, and per-user constraints and preferences. 2297 * 2298 * @return The created password policy state operation. 2299 */ 2300 public static PasswordPolicyStateOperation 2301 createGetAvailableSASLMechanismsOperation() 2302 { 2303 return new PasswordPolicyStateOperation( 2304 OP_TYPE_GET_AVAILABLE_SASL_MECHANISMS); 2305 } 2306 2307 2308 2309 /** 2310 * Creates a new password policy state operation that may be used to retrieve 2311 * a list of the one-time password delivery mechanisms that are available for 2312 * a user. If the user's entry includes information about which OTP delivery 2313 * mechanisms are preferred, the list will be ordered from most preferred to 2314 * least preferred. 2315 * 2316 * @return The created password policy state operation. 2317 */ 2318 public static PasswordPolicyStateOperation 2319 createGetAvailableOTPDeliveryMechanismsOperation() 2320 { 2321 return new PasswordPolicyStateOperation( 2322 OP_TYPE_GET_AVAILABLE_OTP_DELIVERY_MECHANISMS); 2323 } 2324 2325 2326 2327 /** 2328 * Creates a new password policy state operation that may be used to determine 2329 * whether the user has at least one TOTP shared secret. The result returned 2330 * should include an operation of type {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} 2331 * with a single boolean value of {@code true} if the user has one or more 2332 * TOTP shared secrets, or {@code false} if not. 2333 * 2334 * @return The created password policy state operation. 2335 */ 2336 public static PasswordPolicyStateOperation createHasTOTPSharedSecret() 2337 { 2338 return new PasswordPolicyStateOperation(OP_TYPE_HAS_TOTP_SHARED_SECRET); 2339 } 2340 2341 2342 2343 /** 2344 * Creates a new password policy state operation that may be used to add one 2345 * or more values to the set of TOTP shared secrets for a user. The result 2346 * returned should include an operation of type 2347 * {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} with a single boolean value of 2348 * {@code true} if the user has one or more TOTP shared secrets, or 2349 * {@code false} if not. 2350 * 2351 * @param totpSharedSecrets The base32-encoded representations of the TOTP 2352 * shared secrets to add to the user. It must not 2353 * be {@code null} or empty. 2354 * 2355 * @return The created password policy state operation. 2356 */ 2357 public static PasswordPolicyStateOperation 2358 createAddTOTPSharedSecretOperation( 2359 final String... totpSharedSecrets) 2360 { 2361 final ASN1OctetString[] values = 2362 new ASN1OctetString[totpSharedSecrets.length]; 2363 for (int i=0; i < totpSharedSecrets.length; i++) 2364 { 2365 values[i] = new ASN1OctetString(totpSharedSecrets[i]); 2366 } 2367 2368 return new PasswordPolicyStateOperation(OP_TYPE_ADD_TOTP_SHARED_SECRET, 2369 values); 2370 } 2371 2372 2373 2374 /** 2375 * Creates a new password policy state operation that may be used to remove 2376 * one or more values from the set of TOTP shared secrets for a user. The 2377 * result returned should include an operation of type 2378 * {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} with a single boolean value of 2379 * {@code true} if the user has one or more TOTP shared secrets, or 2380 * {@code false} if not. 2381 * 2382 * @param totpSharedSecrets The base32-encoded representations of the TOTP 2383 * shared secrets to remove from the user. It must 2384 * not be {@code null} or empty. 2385 * 2386 * @return The created password policy state operation. 2387 */ 2388 public static PasswordPolicyStateOperation 2389 createRemoveTOTPSharedSecretOperation( 2390 final String... totpSharedSecrets) 2391 { 2392 final ASN1OctetString[] values = 2393 new ASN1OctetString[totpSharedSecrets.length]; 2394 for (int i=0; i < totpSharedSecrets.length; i++) 2395 { 2396 values[i] = new ASN1OctetString(totpSharedSecrets[i]); 2397 } 2398 2399 return new PasswordPolicyStateOperation(OP_TYPE_REMOVE_TOTP_SHARED_SECRET, 2400 values); 2401 } 2402 2403 2404 2405 /** 2406 * Creates a new password policy state operation that may be used to replace 2407 * the set of TOTP shared secrets for a user. The result returned should 2408 * include an operation of type {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} with a 2409 * single boolean value of {@code true} if the user has one or more TOTP 2410 * shared secrets, or {@code false} if not. 2411 * 2412 * @param totpSharedSecrets The base32-encoded representations of the TOTP 2413 * shared secrets for the user. It must not be 2414 * {@code null} but may be empty. 2415 * 2416 * @return The created password policy state operation. 2417 */ 2418 public static PasswordPolicyStateOperation 2419 createSetTOTPSharedSecretsOperation( 2420 final String... totpSharedSecrets) 2421 { 2422 final ASN1OctetString[] values = 2423 new ASN1OctetString[totpSharedSecrets.length]; 2424 for (int i=0; i < totpSharedSecrets.length; i++) 2425 { 2426 values[i] = new ASN1OctetString(totpSharedSecrets[i]); 2427 } 2428 2429 return new PasswordPolicyStateOperation(OP_TYPE_SET_TOTP_SHARED_SECRETS, 2430 values); 2431 } 2432 2433 2434 2435 /** 2436 * Creates a new password policy state operation that may be used to clear 2437 * the set of TOTP shared secrets for a user. The result returned should 2438 * include an operation of type {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} with a 2439 * single boolean value of {@code true} if the user has one or more TOTP 2440 * shared secrets, or {@code false} if not. 2441 * 2442 * @return The created password policy state operation. 2443 */ 2444 public static PasswordPolicyStateOperation 2445 createClearTOTPSharedSecretsOperation() 2446 { 2447 return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_TOTP_SHARED_SECRETS); 2448 } 2449 2450 2451 2452 /** 2453 * Creates a new password policy state operation that may be used to determine 2454 * whether the user has at least one registered YubiKey OTP device. The 2455 * result returned should include an operation of type 2456 * {@link #OP_TYPE_HAS_REGISTERED_YUBIKEY_PUBLIC_ID} 2457 * with a single boolean value of {@code true} if the user has one or more 2458 * registered devices, or {@code false} if not. 2459 * 2460 * @return The created password policy state operation. 2461 */ 2462 public static PasswordPolicyStateOperation createHasYubiKeyPublicIDOperation() 2463 { 2464 return new PasswordPolicyStateOperation( 2465 OP_TYPE_HAS_REGISTERED_YUBIKEY_PUBLIC_ID); 2466 } 2467 2468 2469 2470 /** 2471 * Creates a new password policy state operation that may be used to retrieve 2472 * the public IDs of the YubiKey OTP devices registered for a user. The 2473 * result returned should include an operation of type 2474 * {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with an array of string 2475 * values that represent the public IDs of the registered YubiKey OTP devices. 2476 * 2477 * @return The created password policy state operation. 2478 */ 2479 public static PasswordPolicyStateOperation 2480 createGetRegisteredYubiKeyPublicIDsOperation() 2481 { 2482 return new PasswordPolicyStateOperation( 2483 OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS); 2484 } 2485 2486 2487 2488 /** 2489 * Creates a new password policy state operation that may be used to add one 2490 * or more values to the set of the public IDs of the YubiKey OTP devices 2491 * registered for a user. The result returned should include an operation of 2492 * type {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with an array of 2493 * string values that represent the public IDs of the registered YubiKey OTP 2494 * devices. 2495 * 2496 * @param publicIDs The set of public IDs to add to the set of YubiKey OTP 2497 * devices registered for the user. It must not be 2498 * {@code null} or empty. 2499 * 2500 * @return The created password policy state operation. 2501 */ 2502 public static PasswordPolicyStateOperation 2503 createAddRegisteredYubiKeyPublicIDOperation( 2504 final String... publicIDs) 2505 { 2506 final ASN1OctetString[] values = new ASN1OctetString[publicIDs.length]; 2507 for (int i=0; i < publicIDs.length; i++) 2508 { 2509 values[i] = new ASN1OctetString(publicIDs[i]); 2510 } 2511 2512 return new PasswordPolicyStateOperation( 2513 OP_TYPE_ADD_REGISTERED_YUBIKEY_PUBLIC_ID, values); 2514 } 2515 2516 2517 2518 /** 2519 * Creates a new password policy state operation that may be used to remove 2520 * one or more values from the set of the public IDs of the YubiKey OTP 2521 * devices registered for a user. The result returned should include an 2522 * operation of type {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with 2523 * an array of string values that represent the public IDs of the registered 2524 * YubiKey OTP devices. 2525 * 2526 * @param publicIDs The set of public IDs to remove from the set of YubiKey 2527 * OTP devices registered for the user. It must not be 2528 * {@code null} or empty. 2529 * 2530 * @return The created password policy state operation. 2531 */ 2532 public static PasswordPolicyStateOperation 2533 createRemoveRegisteredYubiKeyPublicIDOperation( 2534 final String... publicIDs) 2535 { 2536 final ASN1OctetString[] values = new ASN1OctetString[publicIDs.length]; 2537 for (int i=0; i < publicIDs.length; i++) 2538 { 2539 values[i] = new ASN1OctetString(publicIDs[i]); 2540 } 2541 2542 return new PasswordPolicyStateOperation( 2543 OP_TYPE_REMOVE_REGISTERED_YUBIKEY_PUBLIC_ID, values); 2544 } 2545 2546 2547 2548 /** 2549 * Creates a new password policy state operation that may be used to replace 2550 * the set of the public IDs of the YubiKey OTP devices registered for a user. 2551 * The result returned should include an operation of type 2552 * {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with an array of string 2553 * values that represent the public IDs of the registered YubiKey OTP devices. 2554 * 2555 * @param publicIDs The set of public IDs for the YubiKey OTP devices 2556 * registered for the user. It must not be {@code null} 2557 * but may be empty. 2558 * 2559 * @return The created password policy state operation. 2560 */ 2561 public static PasswordPolicyStateOperation 2562 createSetRegisteredYubiKeyPublicIDsOperation( 2563 final String... publicIDs) 2564 { 2565 final ASN1OctetString[] values = new ASN1OctetString[publicIDs.length]; 2566 for (int i=0; i < publicIDs.length; i++) 2567 { 2568 values[i] = new ASN1OctetString(publicIDs[i]); 2569 } 2570 2571 return new PasswordPolicyStateOperation( 2572 OP_TYPE_SET_REGISTERED_YUBIKEY_PUBLIC_IDS, values); 2573 } 2574 2575 2576 2577 /** 2578 * Creates a new password policy state operation that may be used to clear 2579 * the set of the public IDs of the YubiKey OTP devices registered for a user. 2580 * The result returned should include an operation of type 2581 * {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with an array of string 2582 * values that represent the public IDs of the registered YubiKey OTP devices. 2583 * 2584 * @return The created password policy state operation. 2585 */ 2586 public static PasswordPolicyStateOperation 2587 createClearRegisteredYubiKeyPublicIDsOperation() 2588 { 2589 return new PasswordPolicyStateOperation( 2590 OP_TYPE_CLEAR_REGISTERED_YUBIKEY_PUBLIC_IDS); 2591 } 2592 2593 2594 2595 /** 2596 * Creates a new password policy state operation that may be used to determine 2597 * whether the user has a static password. The result should include an 2598 * operation of type {@link #OP_TYPE_HAS_STATIC_PASSWORD} with a single 2599 * boolean value of {@code true} if the user has a static password, or 2600 * {@code false} if not. 2601 * 2602 * @return The created password policy state operation. 2603 */ 2604 public static PasswordPolicyStateOperation createHasStaticPasswordOperation() 2605 { 2606 return new PasswordPolicyStateOperation(OP_TYPE_HAS_STATIC_PASSWORD); 2607 } 2608 2609 2610 2611 /** 2612 * Retrieves the operation type for this password policy state operation. 2613 * 2614 * @return The operation type for this password policy state operation. 2615 */ 2616 public int getOperationType() 2617 { 2618 return opType; 2619 } 2620 2621 2622 2623 /** 2624 * Retrieves the set of raw values for this password policy state operation. 2625 * 2626 * @return The set of raw values for this password policy state operation. 2627 */ 2628 public ASN1OctetString[] getRawValues() 2629 { 2630 return values; 2631 } 2632 2633 2634 2635 /** 2636 * Retrieves the string representation of the value for this password policy 2637 * state operation. If there are multiple values, then the first will be 2638 * returned. 2639 * 2640 * @return The string representation of the value for this password policy 2641 * state operation, or {@code null} if there are no values. 2642 */ 2643 public String getStringValue() 2644 { 2645 if (values.length == 0) 2646 { 2647 return null; 2648 } 2649 else 2650 { 2651 return values[0].stringValue(); 2652 } 2653 } 2654 2655 2656 2657 /** 2658 * Retrieves the string representations of the values for this password policy 2659 * state operation. 2660 * 2661 * @return The string representations of the values for this password policy 2662 * state operation. 2663 */ 2664 public String[] getStringValues() 2665 { 2666 final String[] stringValues = new String[values.length]; 2667 for (int i=0; i < values.length; i++) 2668 { 2669 stringValues[i] = values[i].stringValue(); 2670 } 2671 2672 return stringValues; 2673 } 2674 2675 2676 2677 /** 2678 * Retrieves the boolean representation of the value for this password policy 2679 * state operation. 2680 * 2681 * @return The boolean representation of the value for this password policy 2682 * state operation. 2683 * 2684 * @throws IllegalStateException If this operation does not have exactly one 2685 * value, or if the value cannot be decoded as 2686 * a boolean value. 2687 */ 2688 public boolean getBooleanValue() 2689 throws IllegalStateException 2690 { 2691 if (values.length != 1) 2692 { 2693 throw new IllegalStateException( 2694 ERR_PWP_STATE_INVALID_BOOLEAN_VALUE_COUNT.get(values.length)); 2695 } 2696 2697 final String valueString = StaticUtils.toLowerCase(values[0].stringValue()); 2698 if (valueString.equals("true")) 2699 { 2700 return true; 2701 } 2702 else if (valueString.equals("false")) 2703 { 2704 return false; 2705 } 2706 else 2707 { 2708 throw new IllegalStateException( 2709 ERR_PWP_STATE_VALUE_NOT_BOOLEAN.get(values[0].stringValue())); 2710 } 2711 } 2712 2713 2714 2715 /** 2716 * Retrieves the integer representation of the value for this password policy 2717 * state operation. If there are multiple values, then the first will be 2718 * returned. 2719 * 2720 * @return The integer representation of the value for this password policy 2721 * operation. 2722 * 2723 * @throws IllegalStateException If this operation does not have any values. 2724 * 2725 * @throws NumberFormatException If the value cannot be parsed as an 2726 * integer. 2727 */ 2728 public int getIntValue() 2729 throws IllegalStateException, NumberFormatException 2730 { 2731 if (values.length == 0) 2732 { 2733 throw new IllegalStateException(ERR_PWP_STATE_NO_VALUES.get()); 2734 } 2735 2736 return Integer.parseInt(values[0].stringValue()); 2737 } 2738 2739 2740 2741 /** 2742 * Retrieves the {@code Date} object represented by the value for this 2743 * password policy state operation treated as a timestamp in generalized time 2744 * form. If there are multiple values, then the first will be returned. 2745 * 2746 * @return The {@code Date} object represented by the value for this password 2747 * policy state operation treated as a timestamp in generalized time 2748 * form, or {@code null} if this operation does not have any values. 2749 * 2750 * @throws ParseException If the value cannot be decoded as a timestamp in 2751 * generalized time form. 2752 */ 2753 public Date getGeneralizedTimeValue() 2754 throws ParseException 2755 { 2756 if (values.length == 0) 2757 { 2758 return null; 2759 } 2760 2761 return StaticUtils.decodeGeneralizedTime(values[0].stringValue()); 2762 } 2763 2764 2765 2766 /** 2767 * Retrieves the {@code Date} objects represented by the values for this 2768 * password policy state operation treated as timestamps in generalized time 2769 * form. 2770 * 2771 * @return The {@code Date} objects represented by the values for this 2772 * password policy state operation treated as timestamps in 2773 * generalized time form. 2774 * 2775 * @throws ParseException If any of the values cannot be decoded as a 2776 * timestamp in generalized time form. 2777 */ 2778 public Date[] getGeneralizedTimeValues() 2779 throws ParseException 2780 { 2781 final Date[] dateValues = new Date[values.length]; 2782 for (int i=0; i < values.length; i++) 2783 { 2784 dateValues[i] = 2785 StaticUtils.decodeGeneralizedTime(values[i].stringValue()); 2786 } 2787 2788 return dateValues; 2789 } 2790 2791 2792 2793 /** 2794 * Creates an array of ASN.1 octet strings with the provided set of values. 2795 * 2796 * @param dates The dates from which to create the values. It may be 2797 * {@code null} or empty if there should be no values. 2798 * 2799 * @return The array of ASN.1 octet strings. 2800 */ 2801 private static ASN1OctetString[] createValues(final Date... dates) 2802 { 2803 if ((dates == null) || (dates.length == 0)) 2804 { 2805 return NO_VALUES; 2806 } 2807 2808 final ArrayList<ASN1OctetString> valueList = 2809 new ArrayList<ASN1OctetString>(dates.length); 2810 for (final Date d : dates) 2811 { 2812 if (d != null) 2813 { 2814 valueList.add(new ASN1OctetString( 2815 StaticUtils.encodeGeneralizedTime(d))); 2816 } 2817 } 2818 2819 return valueList.toArray(NO_VALUES); 2820 } 2821 2822 2823 2824 /** 2825 * Encodes this password policy state operation for use in the extended 2826 * request or response. 2827 * 2828 * @return An ASN.1 element containing an encoded representation of this 2829 * password policy state operation. 2830 */ 2831 public ASN1Element encode() 2832 { 2833 final ASN1Element[] elements; 2834 if (values.length > 0) 2835 { 2836 elements = new ASN1Element[] 2837 { 2838 new ASN1Enumerated(opType), 2839 new ASN1Sequence(values) 2840 }; 2841 } 2842 else 2843 { 2844 elements = new ASN1Element[] 2845 { 2846 new ASN1Enumerated(opType), 2847 }; 2848 } 2849 2850 return new ASN1Sequence(elements); 2851 } 2852 2853 2854 2855 /** 2856 * Decodes the provided ASN.1 element as a password policy state operation. 2857 * 2858 * @param element The ASN.1 element to be decoded. 2859 * 2860 * @return The decoded password policy state operation. 2861 * 2862 * @throws LDAPException If a problem occurs while attempting to decode the 2863 * provided ASN.1 element as a password policy state 2864 * operation. 2865 */ 2866 public static PasswordPolicyStateOperation decode(final ASN1Element element) 2867 throws LDAPException 2868 { 2869 final ASN1Element[] elements; 2870 try 2871 { 2872 elements = ASN1Sequence.decodeAsSequence(element).elements(); 2873 } 2874 catch (final Exception e) 2875 { 2876 Debug.debugException(e); 2877 throw new LDAPException(ResultCode.DECODING_ERROR, 2878 ERR_PWP_STATE_ELEMENT_NOT_SEQUENCE.get(e), e); 2879 } 2880 2881 if ((elements.length < 1) || (elements.length > 2)) 2882 { 2883 throw new LDAPException(ResultCode.DECODING_ERROR, 2884 ERR_PWP_STATE_INVALID_ELEMENT_COUNT.get( 2885 elements.length)); 2886 } 2887 2888 final int opType; 2889 try 2890 { 2891 opType = ASN1Enumerated.decodeAsEnumerated(elements[0]).intValue(); 2892 } 2893 catch (final Exception e) 2894 { 2895 Debug.debugException(e); 2896 throw new LDAPException(ResultCode.DECODING_ERROR, 2897 ERR_PWP_STATE_OP_TYPE_NOT_INTEGER.get(e), e); 2898 } 2899 2900 final ASN1OctetString[] values; 2901 if (elements.length == 2) 2902 { 2903 try 2904 { 2905 final ASN1Element[] valueElements = 2906 ASN1Sequence.decodeAsSequence(elements[1]).elements(); 2907 values = new ASN1OctetString[valueElements.length]; 2908 for (int i=0; i < valueElements.length; i++) 2909 { 2910 values[i] = ASN1OctetString.decodeAsOctetString(valueElements[i]); 2911 } 2912 } 2913 catch (final Exception e) 2914 { 2915 Debug.debugException(e); 2916 throw new LDAPException(ResultCode.DECODING_ERROR, 2917 ERR_PWP_STATE_CANNOT_DECODE_VALUES.get(e), e); 2918 } 2919 } 2920 else 2921 { 2922 values = NO_VALUES; 2923 } 2924 2925 return new PasswordPolicyStateOperation(opType, values); 2926 } 2927 2928 2929 2930 /** 2931 * Retrieves a string representation of this password policy state operation. 2932 * 2933 * @return A string representation of this password policy state operation. 2934 */ 2935 @Override() 2936 public String toString() 2937 { 2938 final StringBuilder buffer = new StringBuilder(); 2939 toString(buffer); 2940 return buffer.toString(); 2941 } 2942 2943 2944 2945 /** 2946 * Appends a string representation of this password policy state operation to 2947 * the provided buffer. 2948 * 2949 * @param buffer The buffer to which the information should be appended. 2950 */ 2951 public void toString(final StringBuilder buffer) 2952 { 2953 buffer.append("PasswordPolicyStateOperation(opType="); 2954 buffer.append(opType); 2955 2956 if (values.length > 0) 2957 { 2958 buffer.append(", values={"); 2959 for (int i=0; i < values.length; i++) 2960 { 2961 if (i > 0) 2962 { 2963 buffer.append(", "); 2964 } 2965 2966 buffer.append('\''); 2967 buffer.append(values[i].stringValue()); 2968 buffer.append('\''); 2969 } 2970 buffer.append('}'); 2971 } 2972 2973 buffer.append(')'); 2974 } 2975}