001/* 002 * Copyright 2008-2018 Ping Identity Corporation 003 * All Rights Reserved. 004 */ 005/* 006 * Copyright (C) 2015-2018 Ping Identity Corporation 007 * 008 * This program is free software; you can redistribute it and/or modify 009 * it under the terms of the GNU General Public License (GPLv2 only) 010 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 011 * as published by the Free Software Foundation. 012 * 013 * This program is distributed in the hope that it will be useful, 014 * but WITHOUT ANY WARRANTY; without even the implied warranty of 015 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 016 * GNU General Public License for more details. 017 * 018 * You should have received a copy of the GNU General Public License 019 * along with this program; if not, see <http://www.gnu.org/licenses>. 020 */ 021package com.unboundid.ldap.sdk.unboundidds.extensions; 022 023 024 025import java.io.Serializable; 026import java.text.ParseException; 027import java.util.ArrayList; 028import java.util.Date; 029 030import com.unboundid.asn1.ASN1Element; 031import com.unboundid.asn1.ASN1Enumerated; 032import com.unboundid.asn1.ASN1OctetString; 033import com.unboundid.asn1.ASN1Sequence; 034import com.unboundid.ldap.sdk.LDAPException; 035import com.unboundid.ldap.sdk.ResultCode; 036import com.unboundid.util.Debug; 037import com.unboundid.util.NotMutable; 038import com.unboundid.util.StaticUtils; 039import com.unboundid.util.ThreadSafety; 040import com.unboundid.util.ThreadSafetyLevel; 041 042import static com.unboundid.ldap.sdk.unboundidds.extensions.ExtOpMessages.*; 043 044 045 046/** 047 * This class defines an operation that may be used in conjunction with the 048 * password policy state extended operation. A password policy state operation 049 * can be used to get or set various properties of the password policy state for 050 * a user. 051 * <BR> 052 * <BLOCKQUOTE> 053 * <B>NOTE:</B> This class, and other classes within the 054 * {@code com.unboundid.ldap.sdk.unboundidds} package structure, are only 055 * supported for use against Ping Identity, UnboundID, and 056 * Nokia/Alcatel-Lucent 8661 server products. These classes provide support 057 * for proprietary functionality or for external specifications that are not 058 * considered stable or mature enough to be guaranteed to work in an 059 * interoperable way with other types of LDAP servers. 060 * </BLOCKQUOTE> 061 * <BR> 062 * Operations that are available for use with the password policy state 063 * operation include: 064 * <UL> 065 * <LI>Get the DN of the password policy configuration entry for the target 066 * user.</LI> 067 * <LI>Determine whether an account is usable (may authenticate or be used as 068 * an alternate authorization identity.</LI> 069 * <LI>Retrieve the set of account usability notice, warning, and error 070 * messages for a user.</LI> 071 * <LI>Get, set, and clear the account disabled flag for the target user.</LI> 072 * <LI>Get, set, and clear the account activation time for the target 073 * user.</LI> 074 * <LI>Get, set, and clear the account expiration time for the target 075 * user.</LI> 076 * <LI>Get the length of time in seconds until the target user account 077 * expires.</LI> 078 * <LI>Get the time that the target user's password was last changed.</LI> 079 * <LI>Get and clear the time that the first password expiration warning was 080 * sent to the user.</LI> 081 * <LI>Get the length of time in seconds until the target user's password 082 * expires and the password expiration time for the account.</LI> 083 * <LI>Get the length of time in seconds until the user should receive the 084 * first warning about an upcoming password expiration.</LI> 085 * <LI>Determine whether the user's password is expired.</LI> 086 * <LI>Determine whether the account is locked because of failed 087 * authentication attempts, an idle lockout, or a password reset 088 * lockout.</LI> 089 * <LI>Get, update, set, and clear the list of times that the target user has 090 * unsuccessfully tried to authenticate since the last successful 091 * authentication.</LI> 092 * <LI>Get the number of remaining failed authentication attempts for the 093 * target user before the account is locked.</LI> 094 * <LI>Get the length of time in seconds until the target user's account is 095 * automatically unlocked after it was locked due to failed authentication 096 * attempts.</LI> 097 * <LI>Get, set, and clear the time that the user last authenticated to the 098 * server.</LI> 099 * <LI>Get, set, and clear the IP address of the client from which the user 100 * last authenticated to the server.</LI> 101 * <LI>Get the length of time in seconds until the user account may be locked 102 * after remaining idle.</LI> 103 * <LI>Get, set, and clear the flag that controls whether the target user must 104 * change his/her password before being allowed to perform any other 105 * operations.</LI> 106 * <LI>Get the length of time in seconds until the user's account is locked 107 * after failing to change the password after an administrative 108 * reset.</LI> 109 * <LI>Get, update, set, and clear the times that the target user has 110 * authenticated using a grace login after the password had expired.</LI> 111 * <LI>Retrieve the number of remaining grace logins for the user.</LI> 112 * <LI>Get, set, and clear the required password change time for the target 113 * user.</LI> 114 * <LI>Retrieve the length of time in seconds until the target user's account 115 * will be locked as a result of failing to comply with a password change 116 * by required time.</LI> 117 * <LI>Get the password history count for the target user.</LI> 118 * <LI>Clear the password history for the target user.</LI> 119 * <LI>Get information about or purge a user's retired password.</LI> 120 * <LI>Get information about which SASL mechanisms are available for a 121 * user.</LI> 122 * <LI>Get information about which OTP delivery mechanisms are available for a 123 * user.</LI> 124 * <LI>Determine whether a user has any TOTP shared secrets and manipulate the 125 * registered secrets.</LI> 126 * <LI>Get, set, and clear the public IDs of any YubiKey OTP devices 127 * registered for a user.</LI> 128 * <LI>Determine whether the user has a static password.</LI> 129 * </UL> 130 * Note that many of these methods are dependent upon the password policy 131 * configuration for the target user and therefore some of them may not be 132 * applicable for some users. For example, if password expiration is not 133 * enabled in the password policy associated with the target user, then 134 * operations that involve password expiration will have no effect and/or will 135 * have a return value that indicates that password expiration is not in effect. 136 */ 137@NotMutable() 138@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE) 139public final class PasswordPolicyStateOperation 140 implements Serializable 141{ 142 /** 143 * The operation type that may be used to retrieve the DN of the password 144 * policy to which the user is subject. 145 */ 146 public static final int OP_TYPE_GET_PW_POLICY_DN = 0; 147 148 149 150 /** 151 * The operation type that may be used to determine whether the user account 152 * is disabled. 153 */ 154 public static final int OP_TYPE_GET_ACCOUNT_DISABLED_STATE = 1; 155 156 157 158 /** 159 * The operation type that may be used to specify whether the user account is 160 * disabled. 161 */ 162 public static final int OP_TYPE_SET_ACCOUNT_DISABLED_STATE = 2; 163 164 165 166 /** 167 * The operation type that may be used to clear the account disabled flag in 168 * the user's entry. 169 */ 170 public static final int OP_TYPE_CLEAR_ACCOUNT_DISABLED_STATE = 3; 171 172 173 174 /** 175 * The operation type that may be used to get the time that the user's account 176 * will expire. 177 */ 178 public static final int OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME = 4; 179 180 181 182 /** 183 * The operation type that may be used to set the time that the user's account 184 * will expire. 185 */ 186 public static final int OP_TYPE_SET_ACCOUNT_EXPIRATION_TIME = 5; 187 188 189 190 /** 191 * The operation type that may be used to clear the user's account expiration 192 * time. 193 */ 194 public static final int OP_TYPE_CLEAR_ACCOUNT_EXPIRATION_TIME = 6; 195 196 197 198 /** 199 * The operation type that may be used to retrieve the length of time in 200 * seconds until the user's account expires. 201 */ 202 public static final int OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION = 7; 203 204 205 206 /** 207 * The operation type that may be used to get the time that the user's 208 * password was last changed. 209 */ 210 public static final int OP_TYPE_GET_PW_CHANGED_TIME = 8; 211 212 213 214 /** 215 * The operation type that may be used to set the time that the user's 216 * password was last changed. 217 */ 218 public static final int OP_TYPE_SET_PW_CHANGED_TIME = 9; 219 220 221 222 /** 223 * The operation type that may be used to clear the password changed time in 224 * the user's account. 225 */ 226 public static final int OP_TYPE_CLEAR_PW_CHANGED_TIME = 10; 227 228 229 230 /** 231 * The operation type that may be used to get the time that the user was 232 * first sent a password expiration warning. 233 */ 234 public static final int OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME = 11; 235 236 237 238 /** 239 * The operation type that may be used to set the time that the user was 240 * first sent a password expiration warning. 241 */ 242 public static final int OP_TYPE_SET_PW_EXPIRATION_WARNED_TIME = 12; 243 244 245 246 /** 247 * The operation type that may be used to clear the password expiration warned 248 * time from the user's entry. 249 */ 250 public static final int OP_TYPE_CLEAR_PW_EXPIRATION_WARNED_TIME = 13; 251 252 253 254 /** 255 * The operation type that may be used to get the length of time in seconds 256 * until the user's password expires. 257 */ 258 public static final int OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION = 14; 259 260 261 262 /** 263 * The operation type that may be used to get the length of time in seconds 264 * until the user will be eligible to receive a password expiration warning. 265 */ 266 public static final int OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION_WARNING = 15; 267 268 269 270 /** 271 * The operation type that may be used to get the set of times that the user 272 * has unsuccessfully tried to authenticate since the last successful attempt. 273 */ 274 public static final int OP_TYPE_GET_AUTH_FAILURE_TIMES = 16; 275 276 277 278 /** 279 * The operation type that may be used to add a new authentication failure 280 * time to the user's account. 281 */ 282 public static final int OP_TYPE_ADD_AUTH_FAILURE_TIME = 17; 283 284 285 286 /** 287 * The operation type that may be used to set the set of times that the user 288 * has unsuccessfully tried to authenticate since the last successful attempt. 289 */ 290 public static final int OP_TYPE_SET_AUTH_FAILURE_TIMES = 18; 291 292 293 294 /** 295 * The operation type that may be used to clear the authentication failure 296 * times in the user account. 297 */ 298 public static final int OP_TYPE_CLEAR_AUTH_FAILURE_TIMES = 19; 299 300 301 302 /** 303 * The operation type that may be used to retrieve the length of time in 304 * seconds until the user's account is unlocked. 305 */ 306 public static final int OP_TYPE_GET_SECONDS_UNTIL_AUTH_FAILURE_UNLOCK = 20; 307 308 309 310 /** 311 * The operation type that may be used to retrieve the number of failed 312 * authentication attempts that the user has before the account is locked. 313 */ 314 public static final int OP_TYPE_GET_REMAINING_AUTH_FAILURE_COUNT = 21; 315 316 317 318 /** 319 * The operation type that may be used to retrieve the time that the user last 320 * authenticated to the server. 321 */ 322 public static final int OP_TYPE_GET_LAST_LOGIN_TIME = 22; 323 324 325 326 /** 327 * The operation type that may be used to set the time that the user last 328 * authenticated to the server. 329 */ 330 public static final int OP_TYPE_SET_LAST_LOGIN_TIME = 23; 331 332 333 334 /** 335 * The operation type that may be used to clear the last login time in the 336 * user's entry. 337 */ 338 public static final int OP_TYPE_CLEAR_LAST_LOGIN_TIME = 24; 339 340 341 342 /** 343 * The operation type that may be used to get the length of time in seconds 344 * until the user account is locked due to inactivity. 345 */ 346 public static final int OP_TYPE_GET_SECONDS_UNTIL_IDLE_LOCKOUT = 25; 347 348 349 350 /** 351 * The operation type that may be used to determine whether a user's password 352 * has been reset by an administrator and must be changed. 353 */ 354 public static final int OP_TYPE_GET_PW_RESET_STATE = 26; 355 356 357 358 /** 359 * The operation type that may be used to set the flag to indicate whether a 360 * user's password has been reset by an administrator and must be changed. 361 */ 362 public static final int OP_TYPE_SET_PW_RESET_STATE = 27; 363 364 365 366 /** 367 * The operation type that may be used to clear the password reset flag in the 368 * user's entry. 369 */ 370 public static final int OP_TYPE_CLEAR_PW_RESET_STATE = 28; 371 372 373 374 /** 375 * The operation type that may be used to get the length of time in seconds 376 * until the user's account is locked due to failure to change the password 377 * after an administrative reset. 378 */ 379 public static final int OP_TYPE_GET_SECONDS_UNTIL_PW_RESET_LOCKOUT = 29; 380 381 382 383 /** 384 * The operation type that may be used to retrieve the times that the user has 385 * authenticated using a grace login after his/her password has expired. 386 */ 387 public static final int OP_TYPE_GET_GRACE_LOGIN_USE_TIMES = 30; 388 389 390 391 /** 392 * The operation type that may be used add a value to the set of times that 393 * the user has authenticated using a grace login after his/her password has 394 * expired. 395 */ 396 public static final int OP_TYPE_ADD_GRACE_LOGIN_USE_TIME = 31; 397 398 399 400 /** 401 * The operation type that may be used to set the times that the user has 402 * authenticated using a grace login after his/her password has expired. 403 */ 404 public static final int OP_TYPE_SET_GRACE_LOGIN_USE_TIMES = 32; 405 406 407 408 /** 409 * The operation type that may be used to clear the set of times that the user 410 * has authenticated using a grace login after his/her password has expired. 411 */ 412 public static final int OP_TYPE_CLEAR_GRACE_LOGIN_USE_TIMES = 33; 413 414 415 416 /** 417 * The operation type that may be used to retrieve the number of grace logins 418 * available for the user. 419 */ 420 public static final int OP_TYPE_GET_REMAINING_GRACE_LOGIN_COUNT = 34; 421 422 423 424 /** 425 * The operation type that may be used to retrieve the last time that the 426 * user's password was changed during a required change period. 427 */ 428 public static final int OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME = 35; 429 430 431 432 /** 433 * The operation type that may be used to set the last time that the 434 * user's password was changed during a required change period. 435 */ 436 public static final int OP_TYPE_SET_PW_CHANGED_BY_REQUIRED_TIME = 36; 437 438 439 440 /** 441 * The operation type that may be used to clear the last time that the 442 * user's password was changed during a required change period. 443 */ 444 public static final int OP_TYPE_CLEAR_PW_CHANGED_BY_REQUIRED_TIME = 37; 445 446 447 448 /** 449 * The operation type that may be used to get the length of time in seconds 450 * until the user's account will be locked due to a failure to change the 451 * password by a required time. 452 */ 453 public static final int OP_TYPE_GET_SECONDS_UNTIL_REQUIRED_CHANGE_TIME = 38; 454 455 456 457 /** 458 * The operation type that may be used to retrieve the stored password history 459 * values for a user. 460 * 461 * @deprecated This operation type has been deprecated in favor of the 462 * {@link #OP_TYPE_GET_PW_HISTORY_COUNT} operation type. 463 */ 464 @Deprecated() 465 public static final int OP_TYPE_GET_PW_HISTORY = 39; 466 467 468 469 /** 470 * The operation type that may be used to clear the stored password history 471 * values for a user. 472 */ 473 public static final int OP_TYPE_CLEAR_PW_HISTORY = 40; 474 475 476 477 /** 478 * The operation type that may be used to determine whether a user has a valid 479 * retired password. 480 */ 481 public static final int OP_TYPE_HAS_RETIRED_PASSWORD = 41; 482 483 484 485 /** 486 * The operation type that may be used to retrieve the time that the user's 487 * former password was retired. 488 */ 489 public static final int OP_TYPE_GET_PASSWORD_RETIRED_TIME = 42; 490 491 492 493 /** 494 * The operation type that may be used to retrieve the time that the user's 495 * retired password will expire. 496 */ 497 public static final int OP_TYPE_GET_RETIRED_PASSWORD_EXPIRATION_TIME = 43; 498 499 500 501 /** 502 * The operation type that may be used to purge any retired password from the 503 * user's entry. 504 */ 505 public static final int OP_TYPE_PURGE_RETIRED_PASSWORD = 44; 506 507 508 509 /** 510 * The operation type that may be used to get the time that the user's account 511 * will become active. 512 */ 513 public static final int OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME = 45; 514 515 516 517 /** 518 * The operation type that may be used to set the time that the user's account 519 * will become active. 520 */ 521 public static final int OP_TYPE_SET_ACCOUNT_ACTIVATION_TIME = 46; 522 523 524 525 /** 526 * The operation type that may be used to clear the user's account activation 527 * time. 528 */ 529 public static final int OP_TYPE_CLEAR_ACCOUNT_ACTIVATION_TIME = 47; 530 531 532 533 /** 534 * The operation type that may be used to retrieve the length of time in 535 * seconds until the user's account will become active. 536 */ 537 public static final int OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_ACTIVATION = 48; 538 539 540 541 /** 542 * The operation type that may be used to retrieve the IP address from which 543 * the user last authenticated to the server. 544 */ 545 public static final int OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS = 49; 546 547 548 549 /** 550 * The operation type that may be used to set the IP address from which the 551 * user last authenticated to the server. 552 */ 553 public static final int OP_TYPE_SET_LAST_LOGIN_IP_ADDRESS = 50; 554 555 556 557 /** 558 * The operation type that may be used to clear the last login IP address in 559 * the user's entry. 560 */ 561 public static final int OP_TYPE_CLEAR_LAST_LOGIN_IP_ADDRESS = 51; 562 563 564 565 /** 566 * The operation type that may be used to retrieve a list of structured 567 * strings that provide information about notices pertaining to account 568 * usability. 569 */ 570 public static final int OP_TYPE_GET_ACCOUNT_USABILITY_NOTICES = 52; 571 572 573 574 /** 575 * The operation type that may be used to retrieve a list of structured 576 * strings that provide information about warnings that may affect the account 577 * usability. 578 */ 579 public static final int OP_TYPE_GET_ACCOUNT_USABILITY_WARNINGS = 53; 580 581 582 583 /** 584 * The operation type that may be used to retrieve a list of structured 585 * strings that provide information about errors that may affect the account 586 * usability. 587 */ 588 public static final int OP_TYPE_GET_ACCOUNT_USABILITY_ERRORS = 54; 589 590 591 592 /** 593 * The operation type that may be used to determine whether an account is 594 * usable (i.e., the account may authenticate or be used as an alternate 595 * authorization identity). 596 */ 597 public static final int OP_TYPE_GET_ACCOUNT_IS_USABLE = 55; 598 599 600 601 /** 602 * The operation type that may be used to determine whether an account is 603 * not yet active (because the account activation time is in the future). 604 */ 605 public static final int OP_TYPE_GET_ACCOUNT_IS_NOT_YET_ACTIVE = 56; 606 607 608 609 /** 610 * The operation type that may be used to determine whether an account is 611 * expired (because the account expiration time is in the past). 612 */ 613 public static final int OP_TYPE_GET_ACCOUNT_IS_EXPIRED = 57; 614 615 616 617 /** 618 * The operation type that may be used to determine when a user's password 619 * will expire. 620 */ 621 public static final int OP_TYPE_GET_PW_EXPIRATION_TIME = 58; 622 623 624 625 /** 626 * The operation type that may be used to determine whether a user's account 627 * is locked because of too many authentication failures. 628 */ 629 public static final int OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED = 59; 630 631 632 633 /** 634 * The operation type that may be used to specify whether a user's account 635 * is locked because of too many authentication failures. 636 */ 637 public static final int OP_TYPE_SET_ACCOUNT_IS_FAILURE_LOCKED = 60; 638 639 640 641 /** 642 * The operation type that may be used to determine the failure lockout time 643 * for a user account. 644 */ 645 public static final int OP_TYPE_GET_FAILURE_LOCKOUT_TIME = 61; 646 647 648 649 /** 650 * The operation type that may be used to determine whether a user's account 651 * is locked because it has been idle for too long. 652 */ 653 public static final int OP_TYPE_GET_ACCOUNT_IS_IDLE_LOCKED = 62; 654 655 656 657 /** 658 * The operation type that may be used to determine the idle lockout time for 659 * a user account. 660 */ 661 public static final int OP_TYPE_GET_IDLE_LOCKOUT_TIME = 63; 662 663 664 665 /** 666 * The operation type that may be used to determine whether a user's account 667 * is locked because the user did not change their password in a timely manner 668 * after an administrative reset. 669 */ 670 public static final int OP_TYPE_GET_ACCOUNT_IS_RESET_LOCKED = 64; 671 672 673 674 /** 675 * The operation type that may be used to determine the reset lockout time for 676 * a user account. 677 */ 678 public static final int OP_TYPE_GET_RESET_LOCKOUT_TIME = 65; 679 680 681 682 /** 683 * The operation type that may be used to retrieve the password history count 684 * for a user. 685 */ 686 public static final int OP_TYPE_GET_PW_HISTORY_COUNT = 66; 687 688 689 690 /** 691 * The operation type that may be used to determine whether a user's password 692 * is expired. 693 */ 694 public static final int OP_TYPE_GET_PW_IS_EXPIRED = 67; 695 696 697 698 /** 699 * The operation type that may be used to retrieve a list of the SASL 700 * mechanisms that are available for a user. 701 */ 702 public static final int OP_TYPE_GET_AVAILABLE_SASL_MECHANISMS = 68; 703 704 705 706 /** 707 * The operation type that may be used to retrieve a list of the one-time 708 * password delivery mechanisms that are available for a user. 709 */ 710 public static final int OP_TYPE_GET_AVAILABLE_OTP_DELIVERY_MECHANISMS = 69; 711 712 713 714 /** 715 * The operation type that may be used to determine whether a user has one or 716 * more TOTP shared secrets. 717 */ 718 public static final int OP_TYPE_HAS_TOTP_SHARED_SECRET = 70; 719 720 721 722 /** 723 * The operation type that may be used to retrieve get the set of public IDs 724 * for the registered YubiKey OTP devices for a user. 725 */ 726 public static final int OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS = 71; 727 728 729 730 /** 731 * The operation type that may be used to add a value to the set of registered 732 * YubiKey OTP device public IDs for a user. 733 */ 734 public static final int OP_TYPE_ADD_REGISTERED_YUBIKEY_PUBLIC_ID = 72; 735 736 737 738 /** 739 * The operation type that may be used to remove a value from the set of 740 * registered YubiKey OTP device public IDs for a user. 741 */ 742 public static final int OP_TYPE_REMOVE_REGISTERED_YUBIKEY_PUBLIC_ID = 73; 743 744 745 746 /** 747 * The operation type that may be used to replace the set of public IDs for 748 * the registered YubiKey OTP devices for a user. 749 */ 750 public static final int OP_TYPE_SET_REGISTERED_YUBIKEY_PUBLIC_IDS = 74; 751 752 753 754 /** 755 * The operation type that may be used to clear the set of public IDs for 756 * the registered YubiKey OTP devices for a user. 757 */ 758 public static final int OP_TYPE_CLEAR_REGISTERED_YUBIKEY_PUBLIC_IDS = 75; 759 760 761 762 /** 763 * The operation type that may be used to add a value to the set of registered 764 * TOTP shared secrets for a user. 765 */ 766 public static final int OP_TYPE_ADD_TOTP_SHARED_SECRET = 76; 767 768 769 770 /** 771 * The operation type that may be used to remove a value from the set of 772 * registered TOTP shared secrets for a user. 773 */ 774 public static final int OP_TYPE_REMOVE_TOTP_SHARED_SECRET = 77; 775 776 777 778 /** 779 * The operation type that may be used to replace the set of registered TOTP 780 * shared secrets for a user. 781 */ 782 public static final int OP_TYPE_SET_TOTP_SHARED_SECRETS = 78; 783 784 785 786 /** 787 * The operation type that may be used to clear the set of TOTP shared secrets 788 * for a user. 789 */ 790 public static final int OP_TYPE_CLEAR_TOTP_SHARED_SECRETS = 79; 791 792 793 794 /** 795 * The operation type that may be used to determine whether a user has one 796 * or more registered YubiKey OTP devices. 797 * shared secret. 798 */ 799 public static final int OP_TYPE_HAS_REGISTERED_YUBIKEY_PUBLIC_ID = 80; 800 801 802 803 /** 804 * The operation type that may be used to determine whether a user has a 805 * static password. 806 */ 807 public static final int OP_TYPE_HAS_STATIC_PASSWORD = 81; 808 809 810 811 /** 812 * The set of values that will be used if there are no values. 813 */ 814 private static final ASN1OctetString[] NO_VALUES = new ASN1OctetString[0]; 815 816 817 818 /** 819 * The serial version UID for this serializable class. 820 */ 821 private static final long serialVersionUID = -7004621958353828598L; 822 823 824 825 // The set of values for this operation. 826 private final ASN1OctetString[] values; 827 828 // The operation type for this operation. 829 private final int opType; 830 831 832 833 /** 834 * Creates a new password policy state operation with the specified operation 835 * type and no values. 836 * 837 * @param opType The operation type for this password policy state 838 * operation. 839 */ 840 public PasswordPolicyStateOperation(final int opType) 841 { 842 this(opType, NO_VALUES); 843 } 844 845 846 847 /** 848 * Creates a new password policy state operation with the specified operation 849 * type and set of values. 850 * 851 * @param opType The operation type for this password policy state 852 * operation. 853 * @param values The set of values for this password policy state operation. 854 */ 855 public PasswordPolicyStateOperation(final int opType, 856 final ASN1OctetString[] values) 857 { 858 this.opType = opType; 859 860 if (values == null) 861 { 862 this.values = NO_VALUES; 863 } 864 else 865 { 866 this.values = values; 867 } 868 } 869 870 871 872 /** 873 * Creates a new password policy state operation that may be used to request 874 * the DN of the password policy configuration entry for the user. The result 875 * returned should include an operation of type 876 * {@link #OP_TYPE_GET_PW_POLICY_DN} with a single string value that is the 877 * DN of the password policy configuration entry. 878 * 879 * @return The created password policy state operation. 880 */ 881 public static PasswordPolicyStateOperation 882 createGetPasswordPolicyDNOperation() 883 { 884 return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_POLICY_DN); 885 } 886 887 888 889 /** 890 * Creates a new password policy state operation that may be used to determine 891 * whether the user account is disabled. The result returned should include 892 * an operation of type {@link #OP_TYPE_GET_ACCOUNT_DISABLED_STATE} with a 893 * single boolean value of {@code true} if the account is disabled, or 894 * {@code false} if the account is not disabled. 895 * 896 * @return The created password policy state operation. 897 */ 898 public static PasswordPolicyStateOperation 899 createGetAccountDisabledStateOperation() 900 { 901 return new PasswordPolicyStateOperation(OP_TYPE_GET_ACCOUNT_DISABLED_STATE); 902 } 903 904 905 906 /** 907 * Creates a new password policy state operation that may be used to specify 908 * whether the user account is disabled. The result returned should include 909 * an operation of type {@link #OP_TYPE_GET_ACCOUNT_DISABLED_STATE} with a 910 * single boolean value of {@code true} if the account has been disabled, or 911 * {@code false} if the account is not disabled. 912 * 913 * @param isDisabled Indicates whether the user account should be disabled. 914 * 915 * @return The created password policy state operation. 916 */ 917 public static PasswordPolicyStateOperation 918 createSetAccountDisabledStateOperation( 919 final boolean isDisabled) 920 { 921 final ASN1OctetString[] values = 922 { 923 new ASN1OctetString(String.valueOf(isDisabled)) 924 }; 925 926 return new PasswordPolicyStateOperation(OP_TYPE_SET_ACCOUNT_DISABLED_STATE, 927 values); 928 } 929 930 931 932 /** 933 * Creates a new password policy state operation that may be used to clear 934 * the user account disabled state in the user's entry. The result returned 935 * should include an operation of type 936 * {@link #OP_TYPE_GET_ACCOUNT_DISABLED_STATE} with a single boolean value of 937 * {@code true} if the account is disabled, or {@code false} if the account is 938 * not disabled. 939 * 940 * @return The created password policy state operation. 941 */ 942 public static PasswordPolicyStateOperation 943 createClearAccountDisabledStateOperation() 944 { 945 return new PasswordPolicyStateOperation( 946 OP_TYPE_CLEAR_ACCOUNT_DISABLED_STATE); 947 } 948 949 950 951 /** 952 * Creates a new password policy state operation that may be used to retrieve 953 * the time that the user's account will become active. The result returned 954 * should include an operation of type 955 * {@link #OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME} with a single string value 956 * that is the generalized time representation of the account activation time, 957 * or a {@code null} value if the account does not have an activation time. 958 * 959 * @return The created password policy state operation. 960 */ 961 public static PasswordPolicyStateOperation 962 createGetAccountActivationTimeOperation() 963 { 964 return new PasswordPolicyStateOperation( 965 OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME); 966 } 967 968 969 970 /** 971 * Creates a new password policy state operation that may be used to set the 972 * time that the user's account expires. The result returned should include 973 * an operation of type {@link #OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME} with a 974 * single string value that is the generalized time representation of the 975 * account activation time, or a {@code null} value if the account does not 976 * have an activation time. 977 * 978 * @param expirationTime The time that the user's account should expire. It 979 * may be {@code null} if the server should use the 980 * current time. 981 * 982 * @return The created password policy state operation. 983 */ 984 public static PasswordPolicyStateOperation 985 createSetAccountActivationTimeOperation( 986 final Date expirationTime) 987 { 988 return new PasswordPolicyStateOperation(OP_TYPE_SET_ACCOUNT_ACTIVATION_TIME, 989 createValues(expirationTime)); 990 } 991 992 993 994 /** 995 * Creates a new password policy state operation that may be used to clear 996 * the account expiration time in the user's entry. The result returned 997 * should include an operation of type 998 * {@link #OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME} with a single string value 999 * that is the generalized time representation of the account activation time, 1000 * or a {@code null} value if the account does not have an activation time. 1001 * 1002 * @return The created password policy state operation. 1003 */ 1004 public static PasswordPolicyStateOperation 1005 createClearAccountActivationTimeOperation() 1006 { 1007 return new PasswordPolicyStateOperation( 1008 OP_TYPE_CLEAR_ACCOUNT_ACTIVATION_TIME); 1009 } 1010 1011 1012 1013 /** 1014 * Creates a new password policy state operation that may be used to determine 1015 * the length of time in seconds until the user's account becomes active. The 1016 * result returned should include an operation of type 1017 * {@link #OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_ACTIVATION} with a single integer 1018 * value representing the number of seconds until the account becomes active, 1019 * or a {@code null} value if the account does not have an activation time. 1020 * 1021 * @return The created password policy state operation. 1022 */ 1023 public static PasswordPolicyStateOperation 1024 createGetSecondsUntilAccountActivationOperation() 1025 { 1026 return new PasswordPolicyStateOperation( 1027 OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_ACTIVATION); 1028 } 1029 1030 1031 1032 /** 1033 * Creates a new password policy state operation that may be used to retrieve 1034 * the time that the user's account expires. The result returned should 1035 * include an operation of type {@link #OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME} 1036 * with a single string value that is the generalized time representation of 1037 * the account expiration time, or a {@code null} value if the account does 1038 * not have an expiration time. 1039 * 1040 * @return The created password policy state operation. 1041 */ 1042 public static PasswordPolicyStateOperation 1043 createGetAccountExpirationTimeOperation() 1044 { 1045 return new PasswordPolicyStateOperation( 1046 OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME); 1047 } 1048 1049 1050 1051 /** 1052 * Creates a new password policy state operation that may be used to set the 1053 * time that the user's account expires. The result returned should include 1054 * an operation of type {@link #OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME} with a 1055 * single string value that is the generalized time representation of the 1056 * account expiration time, or a {@code null} value if the account does not 1057 * have an expiration time. 1058 * 1059 * @param expirationTime The time that the user's account should expire. It 1060 * may be {@code null} if the server should use the 1061 * current time. 1062 * 1063 * @return The created password policy state operation. 1064 */ 1065 public static PasswordPolicyStateOperation 1066 createSetAccountExpirationTimeOperation( 1067 final Date expirationTime) 1068 { 1069 return new PasswordPolicyStateOperation(OP_TYPE_SET_ACCOUNT_EXPIRATION_TIME, 1070 createValues(expirationTime)); 1071 } 1072 1073 1074 1075 /** 1076 * Creates a new password policy state operation that may be used to clear 1077 * the account expiration time in the user's entry. The result returned 1078 * should include an operation of type 1079 * {@link #OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME} with a single string value 1080 * that is the generalized time representation of the account expiration time, 1081 * or a {@code null} value if the account does not have an expiration time. 1082 * 1083 * @return The created password policy state operation. 1084 */ 1085 public static PasswordPolicyStateOperation 1086 createClearAccountExpirationTimeOperation() 1087 { 1088 return new PasswordPolicyStateOperation( 1089 OP_TYPE_CLEAR_ACCOUNT_EXPIRATION_TIME); 1090 } 1091 1092 1093 1094 /** 1095 * Creates a new password policy state operation that may be used to determine 1096 * the length of time in seconds until the user's account is expired. The 1097 * result returned should include an operation of type 1098 * {@link #OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION} with a single integer 1099 * value representing the number of seconds until the account will expire, or 1100 * a {@code null} value if the account does not have an expiration time. 1101 * 1102 * @return The created password policy state operation. 1103 */ 1104 public static PasswordPolicyStateOperation 1105 createGetSecondsUntilAccountExpirationOperation() 1106 { 1107 return new PasswordPolicyStateOperation( 1108 OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION); 1109 } 1110 1111 1112 1113 /** 1114 * Creates a new password policy state operation that may be used to determine 1115 * when the user's password was last changed. The result returned should 1116 * include an operation of type {@link #OP_TYPE_GET_PW_CHANGED_TIME} with a 1117 * single string value that is the generalized time representation of the 1118 * time the password was last changed. 1119 * 1120 * @return The created password policy state operation. 1121 */ 1122 public static PasswordPolicyStateOperation 1123 createGetPasswordChangedTimeOperation() 1124 { 1125 return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_CHANGED_TIME); 1126 } 1127 1128 1129 1130 /** 1131 * Creates a new password policy state operation that may be used to specify 1132 * when the user's password was last changed. The result returned should 1133 * include an operation of type {@link #OP_TYPE_GET_PW_CHANGED_TIME} with a 1134 * single string value that is the generalized time representation of the 1135 * time the password was last changed. 1136 * 1137 * @param passwordChangedTime The time the user's password was last changed. 1138 * It may be {@code null} if the server should 1139 * use the current time. 1140 * 1141 * @return The created password policy state operation. 1142 */ 1143 public static PasswordPolicyStateOperation 1144 createSetPasswordChangedTimeOperation( 1145 final Date passwordChangedTime) 1146 { 1147 return new PasswordPolicyStateOperation(OP_TYPE_SET_PW_CHANGED_TIME, 1148 createValues(passwordChangedTime)); 1149 } 1150 1151 1152 1153 /** 1154 * Creates a new password policy state operation that may be used to clear 1155 * the password changed time from a user's entry. The result returned should 1156 * include an operation of type {@link #OP_TYPE_GET_PW_CHANGED_TIME} with a 1157 * single string value that is the generalized time representation of the 1158 * time the password was last changed, or {@code null} if it can no longer be 1159 * determined. 1160 * 1161 * @return The created password policy state operation. 1162 */ 1163 public static PasswordPolicyStateOperation 1164 createClearPasswordChangedTimeOperation() 1165 { 1166 return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_PW_CHANGED_TIME); 1167 } 1168 1169 1170 1171 /** 1172 * Creates a new password policy state operation that may be used to determine 1173 * when the user first received a password expiration warning. The result 1174 * returned should include an operation of type 1175 * {@link #OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME} with a single string value 1176 * that is the generalized time representation of the time the user received 1177 * the first expiration warning. 1178 * 1179 * @return The created password policy state operation. 1180 */ 1181 public static PasswordPolicyStateOperation 1182 createGetPasswordExpirationWarnedTimeOperation() 1183 { 1184 return new PasswordPolicyStateOperation( 1185 OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME); 1186 } 1187 1188 1189 1190 /** 1191 * Creates a new password policy state operation that may be used to specify 1192 * when the user first received a password expiration warning. The result 1193 * returned should include an operation of type 1194 * {@link #OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME} with a single string value 1195 * that is the generalized time representation of the time the user received 1196 * the first expiration warning. 1197 * 1198 * @param passwordExpirationWarnedTime The password expiration warned time 1199 * for the user. It may be {@code null} 1200 * if the server should use the current 1201 * time. 1202 * 1203 * @return The created password policy state operation. 1204 */ 1205 public static PasswordPolicyStateOperation 1206 createSetPasswordExpirationWarnedTimeOperation( 1207 final Date passwordExpirationWarnedTime) 1208 { 1209 return new PasswordPolicyStateOperation( 1210 OP_TYPE_SET_PW_EXPIRATION_WARNED_TIME, 1211 createValues(passwordExpirationWarnedTime)); 1212 } 1213 1214 1215 1216 /** 1217 * Creates a new password policy state operation that may be used to clear the 1218 * password expiration warned time from the user's entry. The result returned 1219 * should include an operation of type 1220 * {@link #OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME} with a single string value 1221 * that is the generalized time representation of the time the user received 1222 * the first expiration warning. 1223 * 1224 * @return The created password policy state operation. 1225 */ 1226 public static PasswordPolicyStateOperation 1227 createClearPasswordExpirationWarnedTimeOperation() 1228 { 1229 return new PasswordPolicyStateOperation( 1230 OP_TYPE_CLEAR_PW_EXPIRATION_WARNED_TIME); 1231 } 1232 1233 1234 1235 /** 1236 * Creates a new password policy state operation that may be used to determine 1237 * the length of time in seconds until the user's password expires. The 1238 * result returned should include an operation of type 1239 * {@link #OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION} with a single integer 1240 * value that is the number of seconds until the user's password expires, or 1241 * a {@code null} value if the user's password will not expire. 1242 * 1243 * @return The created password policy state operation. 1244 */ 1245 public static PasswordPolicyStateOperation 1246 createGetSecondsUntilPasswordExpirationOperation() 1247 { 1248 return new PasswordPolicyStateOperation( 1249 OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION); 1250 } 1251 1252 1253 1254 /** 1255 * Creates a new password policy state operation that may be used to determine 1256 * the length of time in seconds until the user is eligible to start receiving 1257 * password expiration warnings. The result returned should include an 1258 * operation of type {@link #OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION_WARNING} 1259 * with a single integer value that is the number of seconds until the user is 1260 * eligible to receive the first expiration warning, or a {@code null} value 1261 * if the user's password will not expire. 1262 * 1263 * @return The created password policy state operation. 1264 */ 1265 public static PasswordPolicyStateOperation 1266 createGetSecondsUntilPasswordExpirationWarningOperation() 1267 { 1268 return new PasswordPolicyStateOperation( 1269 OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION_WARNING); 1270 } 1271 1272 1273 1274 /** 1275 * Creates a new password policy state operation that may be used to retrieve 1276 * the times that the user has unsuccessfully tried to authenticate since the 1277 * last successful authentication. The result returned should include an 1278 * operation of type {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} with an array of 1279 * string values representing the timestamps (in generalized time format) of 1280 * the authentication failures. 1281 * 1282 * @return The created password policy state operation. 1283 */ 1284 public static PasswordPolicyStateOperation 1285 createGetAuthenticationFailureTimesOperation() 1286 { 1287 return new PasswordPolicyStateOperation(OP_TYPE_GET_AUTH_FAILURE_TIMES); 1288 } 1289 1290 1291 1292 /** 1293 * Creates a new password policy state operation that may be used to add the 1294 * current time to the set of times that the user has unsuccessfully tried to 1295 * authenticate since the last successful authentication. The result returned 1296 * should include an operation of type {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} 1297 * with an array of string values representing the timestamps (in generalized 1298 * time format) of the authentication failures. 1299 * 1300 * @return The created password policy state operation. 1301 */ 1302 public static PasswordPolicyStateOperation 1303 createAddAuthenticationFailureTimeOperation() 1304 { 1305 return createAddAuthenticationFailureTimeOperation(null); 1306 } 1307 1308 1309 1310 /** 1311 * Creates a new password policy state operation that may be used to add the 1312 * specified values to the set of times that the user has unsuccessfully tried 1313 * to authenticate since the last successful authentication. The result 1314 * returned should include an operation of type 1315 * {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} with an array of string values 1316 * representing the timestamps (in generalized time format) of the 1317 * authentication failures. 1318 * 1319 * @param authFailureTimes The set of authentication failure time values to 1320 * add. It may be {@code null} or empty if the 1321 * server should add the current time. 1322 * 1323 * @return The created password policy state operation. 1324 */ 1325 public static PasswordPolicyStateOperation 1326 createAddAuthenticationFailureTimeOperation( 1327 final Date[] authFailureTimes) 1328 { 1329 return new PasswordPolicyStateOperation(OP_TYPE_ADD_AUTH_FAILURE_TIME, 1330 createValues(authFailureTimes)); 1331 } 1332 1333 1334 1335 /** 1336 * Creates a new password policy state operation that may be used to specify 1337 * the set of times that the user has unsuccessfully tried to authenticate 1338 * since the last successful authentication. The result returned should 1339 * include an operation of type {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} with 1340 * an array of string values representing the timestamps (in generalized time 1341 * format) of the authentication failures. 1342 * 1343 * @param authFailureTimes The set of times that the user has unsuccessfully 1344 * tried to authenticate since the last successful 1345 * authentication. It may be {@code null} or empty 1346 * if the server should use the current time as the 1347 * only failure time. 1348 * 1349 * @return The created password policy state operation. 1350 */ 1351 public static PasswordPolicyStateOperation 1352 createSetAuthenticationFailureTimesOperation( 1353 final Date[] authFailureTimes) 1354 { 1355 return new PasswordPolicyStateOperation(OP_TYPE_SET_AUTH_FAILURE_TIMES, 1356 createValues(authFailureTimes)); 1357 } 1358 1359 1360 1361 /** 1362 * Creates a new password policy state operation that may be used to clear the 1363 * set of times that the user has unsuccessfully tried to authenticate since 1364 * the last successful authentication. The result returned should include an 1365 * operation of type {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} with an array of 1366 * string values representing the timestamps (in generalized time format) of 1367 * the authentication failures. 1368 * 1369 * @return The created password policy state operation. 1370 */ 1371 public static PasswordPolicyStateOperation 1372 createClearAuthenticationFailureTimesOperation() 1373 { 1374 return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_AUTH_FAILURE_TIMES); 1375 } 1376 1377 1378 1379 /** 1380 * Creates a new password policy state operation that may be used to determine 1381 * the length of time in seconds until the user's account is automatically 1382 * unlocked after too many failed authentication attempts. The result 1383 * returned should include an operation of type 1384 * {@link #OP_TYPE_GET_SECONDS_UNTIL_AUTH_FAILURE_UNLOCK} with a single 1385 * integer value that represents the number of seconds until the account 1386 * becomes unlocked, or a {@code null} value if the account is not temporarily 1387 * locked as a result of authentication failures. 1388 * 1389 * @return The created password policy state operation. 1390 */ 1391 public static PasswordPolicyStateOperation 1392 createGetSecondsUntilAuthenticationFailureUnlockOperation() 1393 { 1394 return new PasswordPolicyStateOperation( 1395 OP_TYPE_GET_SECONDS_UNTIL_AUTH_FAILURE_UNLOCK); 1396 } 1397 1398 1399 1400 /** 1401 * Creates a new password policy state operation that may be used to determine 1402 * the number of authentication failures required to lock the user's account. 1403 * The result returned should include an operation of type 1404 * {@link #OP_TYPE_GET_REMAINING_AUTH_FAILURE_COUNT} with a single integer 1405 * value that represents the number of authentication failures that a user 1406 * will be permitted before the account is locked, or a {@code null} value if 1407 * the password policy is not configured to lock accounts as a result of too 1408 * many failed authentication attempts. 1409 * 1410 * @return The created password policy state operation. 1411 */ 1412 public static PasswordPolicyStateOperation 1413 createGetRemainingAuthenticationFailureCountOperation() 1414 { 1415 return new PasswordPolicyStateOperation( 1416 OP_TYPE_GET_REMAINING_AUTH_FAILURE_COUNT); 1417 } 1418 1419 1420 1421 /** 1422 * Creates a new password policy state operation that may be used to determine 1423 * the time that the user last successfully authenticated to the server. The 1424 * result returned should include an operation of type 1425 * {@link #OP_TYPE_GET_LAST_LOGIN_TIME} with a single string value that is 1426 * the generalized time representation of the user's last login time, or a 1427 * {@code null} value if no last login time is available. 1428 * 1429 * @return The created password policy state operation. 1430 */ 1431 public static PasswordPolicyStateOperation createGetLastLoginTimeOperation() 1432 { 1433 return new PasswordPolicyStateOperation(OP_TYPE_GET_LAST_LOGIN_TIME); 1434 } 1435 1436 1437 1438 /** 1439 * Creates a new password policy state operation that may be used to set 1440 * the time that the user last successfully authenticated to the server. The 1441 * result returned should include an operation of type 1442 * {@link #OP_TYPE_GET_LAST_LOGIN_TIME} with a single string value that is 1443 * the generalized time representation of the user's last login time, or a 1444 * {@code null} value if no last login time is available. 1445 * 1446 * @param lastLoginTime The last login time to set in the user's entry. It 1447 * may be {@code null} if the server should use the 1448 * current time. 1449 * 1450 * @return The created password policy state operation. 1451 */ 1452 public static PasswordPolicyStateOperation 1453 createSetLastLoginTimeOperation(final Date lastLoginTime) 1454 { 1455 return new PasswordPolicyStateOperation(OP_TYPE_SET_LAST_LOGIN_TIME, 1456 createValues(lastLoginTime)); 1457 } 1458 1459 1460 1461 /** 1462 * Creates a new password policy state operation that may be used to clear 1463 * the last login time from the user's entry. The result returned should 1464 * include an operation of type {@link #OP_TYPE_GET_LAST_LOGIN_TIME} with a 1465 * single string value that is the generalized time representation of the 1466 * user's last login time, or a {@code null} value if no last login time is 1467 * available. 1468 * 1469 * @return The created password policy state operation. 1470 */ 1471 public static PasswordPolicyStateOperation createClearLastLoginTimeOperation() 1472 { 1473 return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_LAST_LOGIN_TIME); 1474 } 1475 1476 1477 1478 /** 1479 * Creates a new password policy state operation that may be used to determine 1480 * the IP address from which the user last successfully authenticated to the 1481 * server. The result returned should include an operation of type 1482 * {@link #OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS} with a single string value that 1483 * is the user's last login IP address, or a {@code null} value if no last 1484 * login IP address is available. 1485 * 1486 * @return The created password policy state operation. 1487 */ 1488 public static PasswordPolicyStateOperation 1489 createGetLastLoginIPAddressOperation() 1490 { 1491 return new PasswordPolicyStateOperation(OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS); 1492 } 1493 1494 1495 1496 /** 1497 * Creates a new password policy state operation that may be used to set 1498 * the IP address from which the user last successfully authenticated to the 1499 * server. The result returned should include an operation of type 1500 * {@link #OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS} with a single string value that 1501 * is the user's last login IP address, or a {@code null} value if no last 1502 * login IP address is available. 1503 * 1504 * @param lastLoginIPAddress The last login IP address to set in the user's 1505 * entry. It must not be {@code null}. 1506 * 1507 * @return The created password policy state operation. 1508 */ 1509 public static PasswordPolicyStateOperation 1510 createSetLastLoginIPAddressOperation( 1511 final String lastLoginIPAddress) 1512 { 1513 final ASN1OctetString[] values = 1514 { 1515 new ASN1OctetString(lastLoginIPAddress) 1516 }; 1517 1518 return new PasswordPolicyStateOperation(OP_TYPE_SET_LAST_LOGIN_IP_ADDRESS, 1519 values); 1520 } 1521 1522 1523 1524 /** 1525 * Creates a new password policy state operation that may be used to clear 1526 * the last login IP address from the user's entry. The result returned 1527 * should include an operation of type 1528 * {@link #OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS} with a single string value that 1529 * is the user's last login IP address, or a {@code null} value if no last 1530 * login IP address is available. 1531 * 1532 * @return The created password policy state operation. 1533 */ 1534 public static PasswordPolicyStateOperation 1535 createClearLastLoginIPAddressOperation() 1536 { 1537 return new PasswordPolicyStateOperation( 1538 OP_TYPE_CLEAR_LAST_LOGIN_IP_ADDRESS); 1539 } 1540 1541 1542 1543 /** 1544 * Creates a new password policy state operation that may be used to determine 1545 * the length of time in seconds until the user's account is locked due to 1546 * inactivity. The result returned should include an operation of type 1547 * {@link #OP_TYPE_GET_SECONDS_UNTIL_IDLE_LOCKOUT} with a single integer value 1548 * that represents the number of seconds until the user's account is locked as 1549 * a result of being idle for too long, or a {@code null} value if no idle 1550 * account lockout is configured. 1551 * 1552 * @return The created password policy state operation. 1553 */ 1554 public static PasswordPolicyStateOperation 1555 createGetSecondsUntilIdleLockoutOperation() 1556 { 1557 return new PasswordPolicyStateOperation( 1558 OP_TYPE_GET_SECONDS_UNTIL_IDLE_LOCKOUT); 1559 } 1560 1561 1562 1563 /** 1564 * Creates a new password policy state operation that may be used to determine 1565 * whether the user's password has been reset by an administrator and must be 1566 * changed before performing any other operations. The result returned should 1567 * include an operation of type {@link #OP_TYPE_GET_PW_RESET_STATE} with a 1568 * single boolean value of {@code true} if the user's password must be changed 1569 * before the account can be used, or {@code false} if not. 1570 * 1571 * @return The created password policy state operation. 1572 */ 1573 public static PasswordPolicyStateOperation 1574 createGetPasswordResetStateOperation() 1575 { 1576 return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_RESET_STATE); 1577 } 1578 1579 1580 1581 /** 1582 * Creates a new password policy state operation that may be used to specify 1583 * whether the user's password has been reset by an administrator and must be 1584 * changed before performing any other operations. The result returned should 1585 * include an operation of type {@link #OP_TYPE_GET_PW_RESET_STATE} with a 1586 * single boolean value of {@code true} if the user's password must be changed 1587 * before the account can be used, or {@code false} if not. 1588 * 1589 * @param isReset Specifies whether the user's password must be changed 1590 * before performing any other operations. 1591 * 1592 * @return The created password policy state operation. 1593 */ 1594 public static PasswordPolicyStateOperation 1595 createSetPasswordResetStateOperation(final boolean isReset) 1596 { 1597 final ASN1OctetString[] values = 1598 { 1599 new ASN1OctetString(String.valueOf(isReset)) 1600 }; 1601 1602 return new PasswordPolicyStateOperation(OP_TYPE_SET_PW_RESET_STATE, values); 1603 } 1604 1605 1606 1607 /** 1608 * Creates a new password policy state operation that may be used to clear the 1609 * password reset state information in the user's entry. The result returned 1610 * should include an operation of type {@link #OP_TYPE_GET_PW_RESET_STATE} 1611 * with a single boolean value of {@code true} if the user's password must be 1612 * changed before the account can be used, or {@code false} if not. 1613 * 1614 * @return The created password policy state operation. 1615 */ 1616 public static PasswordPolicyStateOperation 1617 createClearPasswordResetStateOperation() 1618 { 1619 return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_PW_RESET_STATE); 1620 } 1621 1622 1623 1624 /** 1625 * Creates a new password policy state operation that may be used to determine 1626 * the length of time in seconds that the user has left to change his/her 1627 * password after an administrative reset before the account is locked. The 1628 * result returned should include an operation of type 1629 * {@link #OP_TYPE_GET_SECONDS_UNTIL_PW_RESET_LOCKOUT} with a single integer 1630 * value that represents the number of seconds until the user's account will 1631 * be locked unless the password is reset, or a {@code null} value if the 1632 * user's password is not in a "must change" state. 1633 * 1634 * @return The created password policy state operation. 1635 */ 1636 public static PasswordPolicyStateOperation 1637 createGetSecondsUntilPasswordResetLockoutOperation() 1638 { 1639 return new PasswordPolicyStateOperation( 1640 OP_TYPE_GET_SECONDS_UNTIL_PW_RESET_LOCKOUT); 1641 } 1642 1643 1644 1645 /** 1646 * Creates a new password policy state operation that may be used to retrieve 1647 * the set of times that the user has authenticated using grace logins since 1648 * his/her password expired. The result returned should include an operation 1649 * of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES} with an array of string 1650 * values in generalized time format. 1651 * 1652 * @return The created password policy state operation. 1653 */ 1654 public static PasswordPolicyStateOperation 1655 createGetGraceLoginUseTimesOperation() 1656 { 1657 return new PasswordPolicyStateOperation(OP_TYPE_GET_GRACE_LOGIN_USE_TIMES); 1658 } 1659 1660 1661 1662 /** 1663 * Creates a new password policy state operation that may be used to add the 1664 * current time to the set of times that the user has authenticated using 1665 * grace logins since his/her password expired. The result returned should 1666 * include an operation of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES} 1667 * with an array of string values in generalized time format. 1668 * 1669 * @return The created password policy state operation. 1670 */ 1671 public static PasswordPolicyStateOperation 1672 createAddGraceLoginUseTimeOperation() 1673 { 1674 return createAddGraceLoginUseTimeOperation(null); 1675 } 1676 1677 1678 1679 /** 1680 * Creates a new password policy state operation that may be used to add the 1681 * current time to the set of times that the user has authenticated using 1682 * grace logins since his/her password expired. The result returned should 1683 * include an operation of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES} 1684 * with an array of string values in generalized time format. 1685 * 1686 * @param graceLoginUseTimes The set of grace login use times to add. It 1687 * may be {@code null} or empty if the server 1688 * should add the current time to the set of grace 1689 * login times. 1690 * 1691 * @return The created password policy state operation. 1692 */ 1693 public static PasswordPolicyStateOperation 1694 createAddGraceLoginUseTimeOperation( 1695 final Date[] graceLoginUseTimes) 1696 { 1697 return new PasswordPolicyStateOperation(OP_TYPE_ADD_GRACE_LOGIN_USE_TIME, 1698 createValues(graceLoginUseTimes)); 1699 } 1700 1701 1702 1703 /** 1704 * Creates a new password policy state operation that may be used to specify 1705 * the set of times that the user has authenticated using grace logins since 1706 * his/her password expired. The result returned should include an operation 1707 * of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES} with an array of string 1708 * values in generalized time format. 1709 * 1710 * @param graceLoginUseTimes The set of times that the user has 1711 * authenticated using grace logins since his/her 1712 * password expired. It amy be {@code null} or 1713 * empty if the server should use the current time 1714 * as the only grace login use time. 1715 * 1716 * @return The created password policy state operation. 1717 */ 1718 public static PasswordPolicyStateOperation 1719 createSetGraceLoginUseTimesOperation( 1720 final Date[] graceLoginUseTimes) 1721 { 1722 return new PasswordPolicyStateOperation(OP_TYPE_SET_GRACE_LOGIN_USE_TIMES, 1723 createValues(graceLoginUseTimes)); 1724 } 1725 1726 1727 1728 /** 1729 * Creates a new password policy state operation that may be used to clear 1730 * the set of times that the user has authenticated using grace logins since 1731 * his/her password expired. The result returned should include an operation 1732 * of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES} with an array of string 1733 * values in generalized time format. 1734 * 1735 * @return The created password policy state operation. 1736 */ 1737 public static PasswordPolicyStateOperation 1738 createClearGraceLoginUseTimesOperation() 1739 { 1740 return new PasswordPolicyStateOperation( 1741 OP_TYPE_CLEAR_GRACE_LOGIN_USE_TIMES); 1742 } 1743 1744 1745 1746 /** 1747 * Creates a new password policy state operation that may be used to retrieve 1748 * the number of remaining grace logins available to the user. The result 1749 * returned should include an operation of type 1750 * {@link #OP_TYPE_GET_REMAINING_GRACE_LOGIN_COUNT} with a single integer 1751 * value that represents the number of remaining grace logins, or a 1752 * {@code null} value if grace login functionality is not enabled for the 1753 * user. 1754 * 1755 * @return The created password policy state operation. 1756 */ 1757 public static PasswordPolicyStateOperation 1758 createGetRemainingGraceLoginCountOperation() 1759 { 1760 return new PasswordPolicyStateOperation( 1761 OP_TYPE_GET_REMAINING_GRACE_LOGIN_COUNT); 1762 } 1763 1764 1765 1766 /** 1767 * Creates a new password policy state operation that may be used to retrieve 1768 * the last required password change time that with which the user has 1769 * complied. The result returned should include an operation of type 1770 * {@link #OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME} with a single string 1771 * value that is the generalized time representation of the most recent 1772 * required password change time with which the user complied, or a 1773 * {@code null} value if this is not available for the user. 1774 * 1775 * @return The created password policy state operation. 1776 */ 1777 public static PasswordPolicyStateOperation 1778 createGetPasswordChangedByRequiredTimeOperation() 1779 { 1780 return new PasswordPolicyStateOperation( 1781 OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME); 1782 } 1783 1784 1785 1786 /** 1787 * Creates a new password policy state operation that may be used to update 1788 * the user's entry to indicate that he/she has complied with the required 1789 * password change time. The result returned should include an operation of 1790 * type {@link #OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME} with a single string 1791 * value that is the generalized time representation of the most recent 1792 * required password change time with which the user complied, or a 1793 * {@code null} value if this is not available for the user. 1794 * 1795 * @return The created password policy state operation. 1796 */ 1797 public static PasswordPolicyStateOperation 1798 createSetPasswordChangedByRequiredTimeOperation() 1799 { 1800 return createSetPasswordChangedByRequiredTimeOperation(null); 1801 } 1802 1803 1804 1805 /** 1806 * Creates a new password policy state operation that may be used to update 1807 * the user's entry to indicate that he/she has complied with the required 1808 * password change time. The result returned should include an operation of 1809 * type {@link #OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME} with a single string 1810 * value that is the generalized time representation of the most recent 1811 * required password change time with which the user complied, or a 1812 * {@code null} value if this is not available for the user. 1813 * 1814 * @param requiredTime The required password changed time with which the 1815 * user has complied. It may be {@code null} if the 1816 * server should use the most recent required change 1817 * time. 1818 * 1819 * @return The created password policy state operation. 1820 */ 1821 public static PasswordPolicyStateOperation 1822 createSetPasswordChangedByRequiredTimeOperation( 1823 final Date requiredTime) 1824 { 1825 return new PasswordPolicyStateOperation( 1826 OP_TYPE_SET_PW_CHANGED_BY_REQUIRED_TIME, createValues(requiredTime)); 1827 } 1828 1829 1830 1831 /** 1832 * Creates a new password policy state operation that may be used to clear 1833 * the last required password change time from the user's entry. The result 1834 * returned should include an operation of type 1835 * {@link #OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME} with a single string value 1836 * that is the generalized time representation of the most recent required 1837 * password change time with which the user complied, or a {@code null} value 1838 * if this is not available for the user. 1839 * 1840 * @return The created password policy state operation. 1841 */ 1842 public static PasswordPolicyStateOperation 1843 createClearPasswordChangedByRequiredTimeOperation() 1844 { 1845 return new PasswordPolicyStateOperation( 1846 OP_TYPE_CLEAR_PW_CHANGED_BY_REQUIRED_TIME); 1847 } 1848 1849 1850 1851 /** 1852 * Creates a new password policy state operation that may be used to retrieve 1853 * the length of time in seconds until the required password change time 1854 * arrives. The result returned should include an operation of type 1855 * {@link #OP_TYPE_GET_SECONDS_UNTIL_REQUIRED_CHANGE_TIME} with a single 1856 * integer value that represents the number of seconds before the user will 1857 * be required to change his/her password as a result of the 1858 * require-change-by-time property, or a {@code null} value if the user is 1859 * not required to change their password for this reason. 1860 * 1861 * @return The created password policy state operation. 1862 */ 1863 public static PasswordPolicyStateOperation 1864 createGetSecondsUntilRequiredChangeTimeOperation() 1865 { 1866 return new PasswordPolicyStateOperation( 1867 OP_TYPE_GET_SECONDS_UNTIL_REQUIRED_CHANGE_TIME); 1868 } 1869 1870 1871 1872 /** 1873 * Creates a new password policy state operation that may be used to retrieve 1874 * the password history values stored in the user's entry. The result 1875 * returned should include an operation of type 1876 * {@link #OP_TYPE_GET_PW_HISTORY} with an array of strings representing the 1877 * user's password history content. 1878 * 1879 * @return The created password policy state operation. 1880 * 1881 * @deprecated This method has been deprecated in favor of the 1882 * {@link #createGetPasswordHistoryCountOperation} method. 1883 */ 1884 @Deprecated() 1885 @SuppressWarnings("deprecation") 1886 public static PasswordPolicyStateOperation createGetPasswordHistoryOperation() 1887 { 1888 return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_HISTORY); 1889 } 1890 1891 1892 1893 /** 1894 * Creates a new password policy state operation that may be used to clear the 1895 * password history values stored in the user's entry. The result returned 1896 * should include an operation of type {@link #OP_TYPE_GET_PW_HISTORY} with an 1897 * array of strings representing the user's password history content. 1898 * 1899 * @return The created password policy state operation. 1900 */ 1901 public static PasswordPolicyStateOperation 1902 createClearPasswordHistoryOperation() 1903 { 1904 return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_PW_HISTORY); 1905 } 1906 1907 1908 1909 /** 1910 * Creates a new password policy state operation that may be used to determine 1911 * whether the user has a valid retired password. The result returned should 1912 * include an operation of type {@link #OP_TYPE_HAS_RETIRED_PASSWORD} with a 1913 * single boolean value of {@code true} if the user has a valid retired 1914 * password, or {@code false} if not. 1915 * 1916 * @return The created password policy state operation. 1917 */ 1918 public static PasswordPolicyStateOperation createHasRetiredPasswordOperation() 1919 { 1920 return new PasswordPolicyStateOperation(OP_TYPE_HAS_RETIRED_PASSWORD); 1921 } 1922 1923 1924 1925 /** 1926 * Creates a new password policy state operation that may be used to determine 1927 * the time that the user's former password was retired. The result returned 1928 * should include an operation of type 1929 * {@link #OP_TYPE_GET_PASSWORD_RETIRED_TIME} with a single string value that 1930 * is the generalized time representation of the time the user's former 1931 * password was retired, or a {@code null} value if the user does not have a 1932 * valid retired password. 1933 * 1934 * @return The created password policy state operation. 1935 */ 1936 public static PasswordPolicyStateOperation 1937 createGetPasswordRetiredTimeOperation() 1938 { 1939 return new PasswordPolicyStateOperation(OP_TYPE_GET_PASSWORD_RETIRED_TIME); 1940 } 1941 1942 1943 1944 /** 1945 * Creates a new password policy state operation that may be used to determine 1946 * the length of time until the user's retired password expires. The result 1947 * returned should include an operation of type 1948 * {@link #OP_TYPE_GET_RETIRED_PASSWORD_EXPIRATION_TIME} with a single string 1949 * value that is the generalized time representation of the time the user's 1950 * retired password will cease to be valid, or a {@code null} value if the 1951 * user does not have a valid retired password. 1952 * 1953 * @return The created password policy state operation. 1954 */ 1955 public static PasswordPolicyStateOperation 1956 createGetRetiredPasswordExpirationTimeOperation() 1957 { 1958 return new PasswordPolicyStateOperation( 1959 OP_TYPE_GET_RETIRED_PASSWORD_EXPIRATION_TIME); 1960 } 1961 1962 1963 1964 /** 1965 * Creates a new password policy state operation that may be used to purge 1966 * any retired password from the user's entry. The result returned should 1967 * include an operation of type {@link #OP_TYPE_HAS_RETIRED_PASSWORD} with a 1968 * single boolean value of {@code true} if the user has a valid retired 1969 * password, or {@code false} if not. 1970 * 1971 * @return The created password policy state operation. 1972 */ 1973 public static PasswordPolicyStateOperation 1974 createPurgeRetiredPasswordOperation() 1975 { 1976 return new PasswordPolicyStateOperation(OP_TYPE_PURGE_RETIRED_PASSWORD); 1977 } 1978 1979 1980 1981 /** 1982 * Creates a new password policy state operation that may be used to retrieve 1983 * information about any password policy state notices pertaining to the 1984 * usability of the user's account. The result returned should include an 1985 * operation of type {@link #OP_TYPE_GET_ACCOUNT_USABILITY_NOTICES} with an 1986 * array of strings that represent 1987 * {@link PasswordPolicyStateAccountUsabilityWarning} values. 1988 * 1989 * @return The created password policy state operation. 1990 */ 1991 public static PasswordPolicyStateOperation 1992 createGetAccountUsabilityNoticesOperation() 1993 { 1994 return new PasswordPolicyStateOperation( 1995 OP_TYPE_GET_ACCOUNT_USABILITY_NOTICES); 1996 } 1997 1998 1999 2000 /** 2001 * Creates a new password policy state operation that may be used to retrieve 2002 * information about any password policy state warnings that may impact the 2003 * usability of the user's account. The result returned should include an 2004 * operation of type {@link #OP_TYPE_GET_ACCOUNT_USABILITY_WARNINGS} with an 2005 * array of strings that represent 2006 * {@link PasswordPolicyStateAccountUsabilityWarning} values. 2007 * 2008 * @return The created password policy state operation. 2009 */ 2010 public static PasswordPolicyStateOperation 2011 createGetAccountUsabilityWarningsOperation() 2012 { 2013 return new PasswordPolicyStateOperation( 2014 OP_TYPE_GET_ACCOUNT_USABILITY_WARNINGS); 2015 } 2016 2017 2018 2019 /** 2020 * Creates a new password policy state operation that may be used to retrieve 2021 * information about any password policy state errors that may impact the 2022 * usability of the user's account. The result returned should include an 2023 * operation of type {@link #OP_TYPE_GET_ACCOUNT_USABILITY_ERRORS} with an 2024 * array of strings that represent 2025 * {@link PasswordPolicyStateAccountUsabilityError} values. 2026 * 2027 * @return The created password policy state operation. 2028 */ 2029 public static PasswordPolicyStateOperation 2030 createGetAccountUsabilityErrorsOperation() 2031 { 2032 return new PasswordPolicyStateOperation( 2033 OP_TYPE_GET_ACCOUNT_USABILITY_ERRORS); 2034 } 2035 2036 2037 2038 /** 2039 * Creates a new password policy state operation that may be used to determine 2040 * whether an account is usable (i.e., the account will be allowed to 2041 * authenticate and/or be used as an alternate authorization identity. The 2042 * result returned should include an operation of type 2043 * {@link #OP_TYPE_GET_ACCOUNT_IS_USABLE} with a single boolean value that 2044 * indicates whether the account is usable. 2045 * 2046 * @return The created password policy state operation. 2047 */ 2048 public static PasswordPolicyStateOperation 2049 createGetAccountIsUsableOperation() 2050 { 2051 return new PasswordPolicyStateOperation(OP_TYPE_GET_ACCOUNT_IS_USABLE); 2052 } 2053 2054 2055 2056 /** 2057 * Creates a new password policy state operation that may be used to determine 2058 * whether an account has an activation time that is in the future. The 2059 * result returned should include an operation of type 2060 * {@link #OP_TYPE_GET_ACCOUNT_IS_NOT_YET_ACTIVE} with a single boolean value 2061 * that indicates whether the account is not yet active. 2062 * 2063 * @return The created password policy state operation. 2064 */ 2065 public static PasswordPolicyStateOperation 2066 createGetAccountIsNotYetActiveOperation() 2067 { 2068 return new PasswordPolicyStateOperation( 2069 OP_TYPE_GET_ACCOUNT_IS_NOT_YET_ACTIVE); 2070 } 2071 2072 2073 2074 /** 2075 * Creates a new password policy state operation that may be used to determine 2076 * whether an account has an expiration time that is in the past. The result 2077 * returned should include an operation of type 2078 * {@link #OP_TYPE_GET_ACCOUNT_IS_EXPIRED} with a single boolean value that 2079 * indicates whether the account is expired. 2080 * 2081 * @return The created password policy state operation. 2082 */ 2083 public static PasswordPolicyStateOperation 2084 createGetAccountIsExpiredOperation() 2085 { 2086 return new PasswordPolicyStateOperation(OP_TYPE_GET_ACCOUNT_IS_EXPIRED); 2087 } 2088 2089 2090 2091 /** 2092 * Creates a new password policy state operation that may be used to determine 2093 * when a user's password is expected to expire. The result returned should 2094 * include an operation of type {@link #OP_TYPE_GET_PW_EXPIRATION_TIME} with a 2095 * single string value that is the generalized time representation of the 2096 * password expiration time. 2097 * 2098 * @return The created password policy state operation. 2099 */ 2100 public static PasswordPolicyStateOperation 2101 createGetPasswordExpirationTimeOperation() 2102 { 2103 return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_EXPIRATION_TIME); 2104 } 2105 2106 2107 2108 /** 2109 * Creates a new password policy state operation that may be used to determine 2110 * whether an account has been locked because of too many failed 2111 * authentication attempts. The result returned should include an operation 2112 * of type {@link #OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED} with a single 2113 * boolean value that indicates whether the account is failure locked. 2114 * 2115 * @return The created password policy state operation. 2116 */ 2117 public static PasswordPolicyStateOperation 2118 createGetAccountIsFailureLockedOperation() 2119 { 2120 return new PasswordPolicyStateOperation( 2121 OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED); 2122 } 2123 2124 2125 2126 /** 2127 * Creates a new password policy state operation that may be used to specify 2128 * whether an account should be locked because of too many failed 2129 * authentication attempts. The result returned should include an operation 2130 * of type {@link #OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED} with a single 2131 * boolean value that indicates whether the account is failure locked. 2132 * 2133 * @param isFailureLocked Indicates whether the account should be locked 2134 * because of too many failed attempts. 2135 * 2136 * @return The created password policy state operation. 2137 */ 2138 public static PasswordPolicyStateOperation 2139 createSetAccountIsFailureLockedOperation( 2140 final boolean isFailureLocked) 2141 { 2142 final ASN1OctetString[] values = 2143 { 2144 new ASN1OctetString(String.valueOf(isFailureLocked)) 2145 }; 2146 2147 return new PasswordPolicyStateOperation( 2148 OP_TYPE_SET_ACCOUNT_IS_FAILURE_LOCKED, values); 2149 } 2150 2151 2152 2153 /** 2154 * Creates a new password policy state operation that may be used to determine 2155 * when a user's password is was locked because of too many failed 2156 * authentication attempts. The result returned should include an operation 2157 * of type {@link #OP_TYPE_GET_FAILURE_LOCKOUT_TIME} with a single string 2158 * value that is the generalized time representation of the failure lockout 2159 * time. 2160 * 2161 * @return The created password policy state operation. 2162 */ 2163 public static PasswordPolicyStateOperation 2164 createGetFailureLockoutTimeOperation() 2165 { 2166 return new PasswordPolicyStateOperation(OP_TYPE_GET_FAILURE_LOCKOUT_TIME); 2167 } 2168 2169 2170 2171 /** 2172 * Creates a new password policy state operation that may be used to determine 2173 * whether an account has been locked because it has remained idle for too 2174 * long. The result returned should include an operation of type 2175 * {@link #OP_TYPE_GET_ACCOUNT_IS_IDLE_LOCKED} with a single boolean value 2176 * that indicates whether the account is idle locked. 2177 * 2178 * @return The created password policy state operation. 2179 */ 2180 public static PasswordPolicyStateOperation 2181 createGetAccountIsIdleLockedOperation() 2182 { 2183 return new PasswordPolicyStateOperation(OP_TYPE_GET_ACCOUNT_IS_IDLE_LOCKED); 2184 } 2185 2186 2187 2188 /** 2189 * Creates a new password policy state operation that may be used to determine 2190 * when a user's password is was locked because of the idle account lockout. 2191 * The result returned should include an operation of type 2192 * {@link #OP_TYPE_GET_IDLE_LOCKOUT_TIME} with a single string value that is 2193 * the generalized time representation of the idle lockout time. 2194 * 2195 * @return The created password policy state operation. 2196 */ 2197 public static PasswordPolicyStateOperation 2198 createGetIdleLockoutTimeOperation() 2199 { 2200 return new PasswordPolicyStateOperation(OP_TYPE_GET_IDLE_LOCKOUT_TIME); 2201 } 2202 2203 2204 2205 /** 2206 * Creates a new password policy state operation that may be used to determine 2207 * whether an account has been locked because the user failed to change their 2208 * password in a timely manner after an administrative reset. The result 2209 * returned should include an operation of type 2210 * {@link #OP_TYPE_GET_ACCOUNT_IS_RESET_LOCKED} with a single boolean value 2211 * that indicates whether the account is reset locked. 2212 * 2213 * @return The created password policy state operation. 2214 */ 2215 public static PasswordPolicyStateOperation 2216 createGetAccountIsResetLockedOperation() 2217 { 2218 return new PasswordPolicyStateOperation( 2219 OP_TYPE_GET_ACCOUNT_IS_RESET_LOCKED); 2220 } 2221 2222 2223 2224 /** 2225 * Creates a new password policy state operation that may be used to determine 2226 * when a user's password is was locked because the user failed to change 2227 * their password in a timely manner after an administrative reset. The 2228 * result returned should include an operation of type 2229 * {@link #OP_TYPE_GET_RESET_LOCKOUT_TIME} with a single string value that is 2230 * the generalized time representation of the reset lockout time. 2231 * 2232 * @return The created password policy state operation. 2233 */ 2234 public static PasswordPolicyStateOperation 2235 createGetResetLockoutTimeOperation() 2236 { 2237 return new PasswordPolicyStateOperation(OP_TYPE_GET_RESET_LOCKOUT_TIME); 2238 } 2239 2240 2241 2242 /** 2243 * Creates a new password policy state operation that may be used to retrieve 2244 * the number of passwords currently held in a user's password history. The 2245 * result returned should include an operation of type 2246 * {@link #OP_TYPE_GET_PW_HISTORY_COUNT} with a single integer value that 2247 * represents the number of passwords in the history, or a {@code null} value 2248 * if a password history is not enabled for the user. 2249 * 2250 * @return The created password policy state operation. 2251 */ 2252 public static PasswordPolicyStateOperation 2253 createGetPasswordHistoryCountOperation() 2254 { 2255 return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_HISTORY_COUNT); 2256 } 2257 2258 2259 2260 /** 2261 * Creates a new password policy state operation that may be used to determine 2262 * whether a user's password is expired. The result returned should include 2263 * an operation of type {@link #OP_TYPE_GET_PW_IS_EXPIRED} with a single 2264 * Boolean value that indicates whether the password is expired, or a 2265 * {@code null} value if password expiration is not enabled for the user. 2266 * 2267 * @return The created password policy state operation. 2268 */ 2269 public static PasswordPolicyStateOperation 2270 createGetPasswordIsExpiredOperation() 2271 { 2272 return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_IS_EXPIRED); 2273 } 2274 2275 2276 2277 /** 2278 * Creates a new password policy state operation that may be used to retrieve 2279 * a list of the SASL mechanisms that are available for a user. This will 2280 * take into consideration the server's configuration, the types of 2281 * credentials that a user has, and per-user constraints and preferences. 2282 * 2283 * @return The created password policy state operation. 2284 */ 2285 public static PasswordPolicyStateOperation 2286 createGetAvailableSASLMechanismsOperation() 2287 { 2288 return new PasswordPolicyStateOperation( 2289 OP_TYPE_GET_AVAILABLE_SASL_MECHANISMS); 2290 } 2291 2292 2293 2294 /** 2295 * Creates a new password policy state operation that may be used to retrieve 2296 * a list of the one-time password delivery mechanisms that are available for 2297 * a user. If the user's entry includes information about which OTP delivery 2298 * mechanisms are preferred, the list will be ordered from most preferred to 2299 * least preferred. 2300 * 2301 * @return The created password policy state operation. 2302 */ 2303 public static PasswordPolicyStateOperation 2304 createGetAvailableOTPDeliveryMechanismsOperation() 2305 { 2306 return new PasswordPolicyStateOperation( 2307 OP_TYPE_GET_AVAILABLE_OTP_DELIVERY_MECHANISMS); 2308 } 2309 2310 2311 2312 /** 2313 * Creates a new password policy state operation that may be used to determine 2314 * whether the user has at least one TOTP shared secret. The result returned 2315 * should include an operation of type {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} 2316 * with a single boolean value of {@code true} if the user has one or more 2317 * TOTP shared secrets, or {@code false} if not. 2318 * 2319 * @return The created password policy state operation. 2320 */ 2321 public static PasswordPolicyStateOperation createHasTOTPSharedSecret() 2322 { 2323 return new PasswordPolicyStateOperation(OP_TYPE_HAS_TOTP_SHARED_SECRET); 2324 } 2325 2326 2327 2328 /** 2329 * Creates a new password policy state operation that may be used to add one 2330 * or more values to the set of TOTP shared secrets for a user. The result 2331 * returned should include an operation of type 2332 * {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} with a single boolean value of 2333 * {@code true} if the user has one or more TOTP shared secrets, or 2334 * {@code false} if not. 2335 * 2336 * @param totpSharedSecrets The base32-encoded representations of the TOTP 2337 * shared secrets to add to the user. It must not 2338 * be {@code null} or empty. 2339 * 2340 * @return The created password policy state operation. 2341 */ 2342 public static PasswordPolicyStateOperation 2343 createAddTOTPSharedSecretOperation( 2344 final String... totpSharedSecrets) 2345 { 2346 final ASN1OctetString[] values = 2347 new ASN1OctetString[totpSharedSecrets.length]; 2348 for (int i=0; i < totpSharedSecrets.length; i++) 2349 { 2350 values[i] = new ASN1OctetString(totpSharedSecrets[i]); 2351 } 2352 2353 return new PasswordPolicyStateOperation(OP_TYPE_ADD_TOTP_SHARED_SECRET, 2354 values); 2355 } 2356 2357 2358 2359 /** 2360 * Creates a new password policy state operation that may be used to remove 2361 * one or more values from the set of TOTP shared secrets for a user. The 2362 * result returned should include an operation of type 2363 * {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} with a single boolean value of 2364 * {@code true} if the user has one or more TOTP shared secrets, or 2365 * {@code false} if not. 2366 * 2367 * @param totpSharedSecrets The base32-encoded representations of the TOTP 2368 * shared secrets to remove from the user. It must 2369 * not be {@code null} or empty. 2370 * 2371 * @return The created password policy state operation. 2372 */ 2373 public static PasswordPolicyStateOperation 2374 createRemoveTOTPSharedSecretOperation( 2375 final String... totpSharedSecrets) 2376 { 2377 final ASN1OctetString[] values = 2378 new ASN1OctetString[totpSharedSecrets.length]; 2379 for (int i=0; i < totpSharedSecrets.length; i++) 2380 { 2381 values[i] = new ASN1OctetString(totpSharedSecrets[i]); 2382 } 2383 2384 return new PasswordPolicyStateOperation(OP_TYPE_REMOVE_TOTP_SHARED_SECRET, 2385 values); 2386 } 2387 2388 2389 2390 /** 2391 * Creates a new password policy state operation that may be used to replace 2392 * the set of TOTP shared secrets for a user. The result returned should 2393 * include an operation of type {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} with a 2394 * single boolean value of {@code true} if the user has one or more TOTP 2395 * shared secrets, or {@code false} if not. 2396 * 2397 * @param totpSharedSecrets The base32-encoded representations of the TOTP 2398 * shared secrets for the user. It must not be 2399 * {@code null} but may be empty. 2400 * 2401 * @return The created password policy state operation. 2402 */ 2403 public static PasswordPolicyStateOperation 2404 createSetTOTPSharedSecretsOperation( 2405 final String... totpSharedSecrets) 2406 { 2407 final ASN1OctetString[] values = 2408 new ASN1OctetString[totpSharedSecrets.length]; 2409 for (int i=0; i < totpSharedSecrets.length; i++) 2410 { 2411 values[i] = new ASN1OctetString(totpSharedSecrets[i]); 2412 } 2413 2414 return new PasswordPolicyStateOperation(OP_TYPE_SET_TOTP_SHARED_SECRETS, 2415 values); 2416 } 2417 2418 2419 2420 /** 2421 * Creates a new password policy state operation that may be used to clear 2422 * the set of TOTP shared secrets for a user. The result returned should 2423 * include an operation of type {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} with a 2424 * single boolean value of {@code true} if the user has one or more TOTP 2425 * shared secrets, or {@code false} if not. 2426 * 2427 * @return The created password policy state operation. 2428 */ 2429 public static PasswordPolicyStateOperation 2430 createClearTOTPSharedSecretsOperation() 2431 { 2432 return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_TOTP_SHARED_SECRETS); 2433 } 2434 2435 2436 2437 /** 2438 * Creates a new password policy state operation that may be used to determine 2439 * whether the user has at least one registered YubiKey OTP device. The 2440 * result returned should include an operation of type 2441 * {@link #OP_TYPE_HAS_REGISTERED_YUBIKEY_PUBLIC_ID} 2442 * with a single boolean value of {@code true} if the user has one or more 2443 * registered devices, or {@code false} if not. 2444 * 2445 * @return The created password policy state operation. 2446 */ 2447 public static PasswordPolicyStateOperation createHasYubiKeyPublicIDOperation() 2448 { 2449 return new PasswordPolicyStateOperation( 2450 OP_TYPE_HAS_REGISTERED_YUBIKEY_PUBLIC_ID); 2451 } 2452 2453 2454 2455 /** 2456 * Creates a new password policy state operation that may be used to retrieve 2457 * the public IDs of the YubiKey OTP devices registered for a user. The 2458 * result returned should include an operation of type 2459 * {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with an array of string 2460 * values that represent the public IDs of the registered YubiKey OTP devices. 2461 * 2462 * @return The created password policy state operation. 2463 */ 2464 public static PasswordPolicyStateOperation 2465 createGetRegisteredYubiKeyPublicIDsOperation() 2466 { 2467 return new PasswordPolicyStateOperation( 2468 OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS); 2469 } 2470 2471 2472 2473 /** 2474 * Creates a new password policy state operation that may be used to add one 2475 * or more values to the set of the public IDs of the YubiKey OTP devices 2476 * registered for a user. The result returned should include an operation of 2477 * type {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with an array of 2478 * string values that represent the public IDs of the registered YubiKey OTP 2479 * devices. 2480 * 2481 * @param publicIDs The set of public IDs to add to the set of YubiKey OTP 2482 * devices registered for the user. It must not be 2483 * {@code null} or empty. 2484 * 2485 * @return The created password policy state operation. 2486 */ 2487 public static PasswordPolicyStateOperation 2488 createAddRegisteredYubiKeyPublicIDOperation( 2489 final String... publicIDs) 2490 { 2491 final ASN1OctetString[] values = new ASN1OctetString[publicIDs.length]; 2492 for (int i=0; i < publicIDs.length; i++) 2493 { 2494 values[i] = new ASN1OctetString(publicIDs[i]); 2495 } 2496 2497 return new PasswordPolicyStateOperation( 2498 OP_TYPE_ADD_REGISTERED_YUBIKEY_PUBLIC_ID, values); 2499 } 2500 2501 2502 2503 /** 2504 * Creates a new password policy state operation that may be used to remove 2505 * one or more values from the set of the public IDs of the YubiKey OTP 2506 * devices registered for a user. The result returned should include an 2507 * operation of type {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with 2508 * an array of string values that represent the public IDs of the registered 2509 * YubiKey OTP devices. 2510 * 2511 * @param publicIDs The set of public IDs to remove from the set of YubiKey 2512 * OTP devices registered for the user. It must not be 2513 * {@code null} or empty. 2514 * 2515 * @return The created password policy state operation. 2516 */ 2517 public static PasswordPolicyStateOperation 2518 createRemoveRegisteredYubiKeyPublicIDOperation( 2519 final String... publicIDs) 2520 { 2521 final ASN1OctetString[] values = new ASN1OctetString[publicIDs.length]; 2522 for (int i=0; i < publicIDs.length; i++) 2523 { 2524 values[i] = new ASN1OctetString(publicIDs[i]); 2525 } 2526 2527 return new PasswordPolicyStateOperation( 2528 OP_TYPE_REMOVE_REGISTERED_YUBIKEY_PUBLIC_ID, values); 2529 } 2530 2531 2532 2533 /** 2534 * Creates a new password policy state operation that may be used to replace 2535 * the set of the public IDs of the YubiKey OTP devices registered for a user. 2536 * The result returned should include an operation of type 2537 * {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with an array of string 2538 * values that represent the public IDs of the registered YubiKey OTP devices. 2539 * 2540 * @param publicIDs The set of public IDs for the YubiKey OTP devices 2541 * registered for the user. It must not be {@code null} 2542 * but may be empty. 2543 * 2544 * @return The created password policy state operation. 2545 */ 2546 public static PasswordPolicyStateOperation 2547 createSetRegisteredYubiKeyPublicIDsOperation( 2548 final String... publicIDs) 2549 { 2550 final ASN1OctetString[] values = new ASN1OctetString[publicIDs.length]; 2551 for (int i=0; i < publicIDs.length; i++) 2552 { 2553 values[i] = new ASN1OctetString(publicIDs[i]); 2554 } 2555 2556 return new PasswordPolicyStateOperation( 2557 OP_TYPE_SET_REGISTERED_YUBIKEY_PUBLIC_IDS, values); 2558 } 2559 2560 2561 2562 /** 2563 * Creates a new password policy state operation that may be used to clear 2564 * the set of the public IDs of the YubiKey OTP devices registered for a user. 2565 * The result returned should include an operation of type 2566 * {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with an array of string 2567 * values that represent the public IDs of the registered YubiKey OTP devices. 2568 * 2569 * @return The created password policy state operation. 2570 */ 2571 public static PasswordPolicyStateOperation 2572 createClearRegisteredYubiKeyPublicIDsOperation() 2573 { 2574 return new PasswordPolicyStateOperation( 2575 OP_TYPE_CLEAR_REGISTERED_YUBIKEY_PUBLIC_IDS); 2576 } 2577 2578 2579 2580 /** 2581 * Creates a new password policy state operation that may be used to determine 2582 * whether the user has a static password. The result should include an 2583 * operation of type {@link #OP_TYPE_HAS_STATIC_PASSWORD} with a single 2584 * boolean value of {@code true} if the user has a static password, or 2585 * {@code false} if not. 2586 * 2587 * @return The created password policy state operation. 2588 */ 2589 public static PasswordPolicyStateOperation createHasStaticPasswordOperation() 2590 { 2591 return new PasswordPolicyStateOperation(OP_TYPE_HAS_STATIC_PASSWORD); 2592 } 2593 2594 2595 2596 /** 2597 * Retrieves the operation type for this password policy state operation. 2598 * 2599 * @return The operation type for this password policy state operation. 2600 */ 2601 public int getOperationType() 2602 { 2603 return opType; 2604 } 2605 2606 2607 2608 /** 2609 * Retrieves the set of raw values for this password policy state operation. 2610 * 2611 * @return The set of raw values for this password policy state operation. 2612 */ 2613 public ASN1OctetString[] getRawValues() 2614 { 2615 return values; 2616 } 2617 2618 2619 2620 /** 2621 * Retrieves the string representation of the value for this password policy 2622 * state operation. If there are multiple values, then the first will be 2623 * returned. 2624 * 2625 * @return The string representation of the value for this password policy 2626 * state operation, or {@code null} if there are no values. 2627 */ 2628 public String getStringValue() 2629 { 2630 if (values.length == 0) 2631 { 2632 return null; 2633 } 2634 else 2635 { 2636 return values[0].stringValue(); 2637 } 2638 } 2639 2640 2641 2642 /** 2643 * Retrieves the string representations of the values for this password policy 2644 * state operation. 2645 * 2646 * @return The string representations of the values for this password policy 2647 * state operation. 2648 */ 2649 public String[] getStringValues() 2650 { 2651 final String[] stringValues = new String[values.length]; 2652 for (int i=0; i < values.length; i++) 2653 { 2654 stringValues[i] = values[i].stringValue(); 2655 } 2656 2657 return stringValues; 2658 } 2659 2660 2661 2662 /** 2663 * Retrieves the boolean representation of the value for this password policy 2664 * state operation. 2665 * 2666 * @return The boolean representation of the value for this password policy 2667 * state operation. 2668 * 2669 * @throws IllegalStateException If this operation does not have exactly one 2670 * value, or if the value cannot be decoded as 2671 * a boolean value. 2672 */ 2673 public boolean getBooleanValue() 2674 throws IllegalStateException 2675 { 2676 if (values.length != 1) 2677 { 2678 throw new IllegalStateException( 2679 ERR_PWP_STATE_INVALID_BOOLEAN_VALUE_COUNT.get(values.length)); 2680 } 2681 2682 final String valueString = StaticUtils.toLowerCase(values[0].stringValue()); 2683 if (valueString.equals("true")) 2684 { 2685 return true; 2686 } 2687 else if (valueString.equals("false")) 2688 { 2689 return false; 2690 } 2691 else 2692 { 2693 throw new IllegalStateException( 2694 ERR_PWP_STATE_VALUE_NOT_BOOLEAN.get(values[0].stringValue())); 2695 } 2696 } 2697 2698 2699 2700 /** 2701 * Retrieves the integer representation of the value for this password policy 2702 * state operation. If there are multiple values, then the first will be 2703 * returned. 2704 * 2705 * @return The integer representation of the value for this password policy 2706 * operation. 2707 * 2708 * @throws IllegalStateException If this operation does not have any values. 2709 * 2710 * @throws NumberFormatException If the value cannot be parsed as an 2711 * integer. 2712 */ 2713 public int getIntValue() 2714 throws IllegalStateException, NumberFormatException 2715 { 2716 if (values.length == 0) 2717 { 2718 throw new IllegalStateException(ERR_PWP_STATE_NO_VALUES.get()); 2719 } 2720 2721 return Integer.parseInt(values[0].stringValue()); 2722 } 2723 2724 2725 2726 /** 2727 * Retrieves the {@code Date} object represented by the value for this 2728 * password policy state operation treated as a timestamp in generalized time 2729 * form. If there are multiple values, then the first will be returned. 2730 * 2731 * @return The {@code Date} object represented by the value for this password 2732 * policy state operation treated as a timestamp in generalized time 2733 * form, or {@code null} if this operation does not have any values. 2734 * 2735 * @throws ParseException If the value cannot be decoded as a timestamp in 2736 * generalized time form. 2737 */ 2738 public Date getGeneralizedTimeValue() 2739 throws ParseException 2740 { 2741 if (values.length == 0) 2742 { 2743 return null; 2744 } 2745 2746 return StaticUtils.decodeGeneralizedTime(values[0].stringValue()); 2747 } 2748 2749 2750 2751 /** 2752 * Retrieves the {@code Date} objects represented by the values for this 2753 * password policy state operation treated as timestamps in generalized time 2754 * form. 2755 * 2756 * @return The {@code Date} objects represented by the values for this 2757 * password policy state operation treated as timestamps in 2758 * generalized time form. 2759 * 2760 * @throws ParseException If any of the values cannot be decoded as a 2761 * timestamp in generalized time form. 2762 */ 2763 public Date[] getGeneralizedTimeValues() 2764 throws ParseException 2765 { 2766 final Date[] dateValues = new Date[values.length]; 2767 for (int i=0; i < values.length; i++) 2768 { 2769 dateValues[i] = 2770 StaticUtils.decodeGeneralizedTime(values[i].stringValue()); 2771 } 2772 2773 return dateValues; 2774 } 2775 2776 2777 2778 /** 2779 * Creates an array of ASN.1 octet strings with the provided set of values. 2780 * 2781 * @param dates The dates from which to create the values. It may be 2782 * {@code null} or empty if there should be no values. 2783 * 2784 * @return The array of ASN.1 octet strings. 2785 */ 2786 private static ASN1OctetString[] createValues(final Date... dates) 2787 { 2788 if ((dates == null) || (dates.length == 0)) 2789 { 2790 return NO_VALUES; 2791 } 2792 2793 final ArrayList<ASN1OctetString> valueList = 2794 new ArrayList<ASN1OctetString>(dates.length); 2795 for (final Date d : dates) 2796 { 2797 if (d != null) 2798 { 2799 valueList.add(new ASN1OctetString( 2800 StaticUtils.encodeGeneralizedTime(d))); 2801 } 2802 } 2803 2804 return valueList.toArray(NO_VALUES); 2805 } 2806 2807 2808 2809 /** 2810 * Encodes this password policy state operation for use in the extended 2811 * request or response. 2812 * 2813 * @return An ASN.1 element containing an encoded representation of this 2814 * password policy state operation. 2815 */ 2816 public ASN1Element encode() 2817 { 2818 final ASN1Element[] elements; 2819 if (values.length > 0) 2820 { 2821 elements = new ASN1Element[] 2822 { 2823 new ASN1Enumerated(opType), 2824 new ASN1Sequence(values) 2825 }; 2826 } 2827 else 2828 { 2829 elements = new ASN1Element[] 2830 { 2831 new ASN1Enumerated(opType), 2832 }; 2833 } 2834 2835 return new ASN1Sequence(elements); 2836 } 2837 2838 2839 2840 /** 2841 * Decodes the provided ASN.1 element as a password policy state operation. 2842 * 2843 * @param element The ASN.1 element to be decoded. 2844 * 2845 * @return The decoded password policy state operation. 2846 * 2847 * @throws LDAPException If a problem occurs while attempting to decode the 2848 * provided ASN.1 element as a password policy state 2849 * operation. 2850 */ 2851 public static PasswordPolicyStateOperation decode(final ASN1Element element) 2852 throws LDAPException 2853 { 2854 final ASN1Element[] elements; 2855 try 2856 { 2857 elements = ASN1Sequence.decodeAsSequence(element).elements(); 2858 } 2859 catch (final Exception e) 2860 { 2861 Debug.debugException(e); 2862 throw new LDAPException(ResultCode.DECODING_ERROR, 2863 ERR_PWP_STATE_ELEMENT_NOT_SEQUENCE.get(e), e); 2864 } 2865 2866 if ((elements.length < 1) || (elements.length > 2)) 2867 { 2868 throw new LDAPException(ResultCode.DECODING_ERROR, 2869 ERR_PWP_STATE_INVALID_ELEMENT_COUNT.get( 2870 elements.length)); 2871 } 2872 2873 final int opType; 2874 try 2875 { 2876 opType = ASN1Enumerated.decodeAsEnumerated(elements[0]).intValue(); 2877 } 2878 catch (final Exception e) 2879 { 2880 Debug.debugException(e); 2881 throw new LDAPException(ResultCode.DECODING_ERROR, 2882 ERR_PWP_STATE_OP_TYPE_NOT_INTEGER.get(e), e); 2883 } 2884 2885 final ASN1OctetString[] values; 2886 if (elements.length == 2) 2887 { 2888 try 2889 { 2890 final ASN1Element[] valueElements = 2891 ASN1Sequence.decodeAsSequence(elements[1]).elements(); 2892 values = new ASN1OctetString[valueElements.length]; 2893 for (int i=0; i < valueElements.length; i++) 2894 { 2895 values[i] = ASN1OctetString.decodeAsOctetString(valueElements[i]); 2896 } 2897 } 2898 catch (final Exception e) 2899 { 2900 Debug.debugException(e); 2901 throw new LDAPException(ResultCode.DECODING_ERROR, 2902 ERR_PWP_STATE_CANNOT_DECODE_VALUES.get(e), e); 2903 } 2904 } 2905 else 2906 { 2907 values = NO_VALUES; 2908 } 2909 2910 return new PasswordPolicyStateOperation(opType, values); 2911 } 2912 2913 2914 2915 /** 2916 * Retrieves a string representation of this password policy state operation. 2917 * 2918 * @return A string representation of this password policy state operation. 2919 */ 2920 @Override() 2921 public String toString() 2922 { 2923 final StringBuilder buffer = new StringBuilder(); 2924 toString(buffer); 2925 return buffer.toString(); 2926 } 2927 2928 2929 2930 /** 2931 * Appends a string representation of this password policy state operation to 2932 * the provided buffer. 2933 * 2934 * @param buffer The buffer to which the information should be appended. 2935 */ 2936 public void toString(final StringBuilder buffer) 2937 { 2938 buffer.append("PasswordPolicyStateOperation(opType="); 2939 buffer.append(opType); 2940 2941 if (values.length > 0) 2942 { 2943 buffer.append(", values={"); 2944 for (int i=0; i < values.length; i++) 2945 { 2946 if (i > 0) 2947 { 2948 buffer.append(", "); 2949 } 2950 2951 buffer.append('\''); 2952 buffer.append(values[i].stringValue()); 2953 buffer.append('\''); 2954 } 2955 buffer.append('}'); 2956 } 2957 2958 buffer.append(')'); 2959 } 2960}