com.unboundid.ldap.sdk.unboundidds.extensions.PasswordPolicyStateOperation Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of unboundid-ldapsdk Show documentation
Show all versions of unboundid-ldapsdk Show documentation
The UnboundID LDAP SDK for Java is a fast, comprehensive, and easy-to-use
Java API for communicating with LDAP directory servers and performing
related tasks like reading and writing LDIF, encoding and decoding data
using base64 and ASN.1 BER, and performing secure communication. This
package contains the Standard Edition of the LDAP SDK, which is a
complete, general-purpose library for communicating with LDAPv3 directory
servers.
/*
* Copyright 2008-2023 Ping Identity Corporation
* All Rights Reserved.
*/
/*
* Copyright 2008-2023 Ping Identity Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* Copyright (C) 2008-2023 Ping Identity Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License (GPLv2 only)
* or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
package com.unboundid.ldap.sdk.unboundidds.extensions;
import java.io.Serializable;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Date;
import com.unboundid.asn1.ASN1Element;
import com.unboundid.asn1.ASN1Enumerated;
import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.asn1.ASN1Sequence;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import static com.unboundid.ldap.sdk.unboundidds.extensions.ExtOpMessages.*;
/**
* This class defines an operation that may be used in conjunction with the
* password policy state extended operation. A password policy state operation
* can be used to get or set various properties of the password policy state for
* a user.
*
*
* NOTE: This class, and other classes within the
* {@code com.unboundid.ldap.sdk.unboundidds} package structure, are only
* supported for use against Ping Identity, UnboundID, and
* Nokia/Alcatel-Lucent 8661 server products. These classes provide support
* for proprietary functionality or for external specifications that are not
* considered stable or mature enough to be guaranteed to work in an
* interoperable way with other types of LDAP servers.
*
*
* Operations that are available for use with the password policy state
* operation include:
*
* - Get the DN of the password policy configuration entry for the target
* user.
* - Determine whether an account is usable (may authenticate or be used as
* an alternate authorization identity.
* - Retrieve the set of account usability notice, warning, and error
* messages for a user.
* - Get, set, and clear the account disabled flag for the target user.
* - Get, set, and clear the account activation time for the target
* user.
* - Get, set, and clear the account expiration time for the target
* user.
* - Get the length of time in seconds until the target user account
* expires.
* - Get the time that the target user's password was last changed.
* - Get and clear the time that the first password expiration warning was
* sent to the user.
* - Get the length of time in seconds until the target user's password
* expires and the password expiration time for the account.
* - Get the length of time in seconds until the user should receive the
* first warning about an upcoming password expiration.
* - Determine whether the user's password is expired.
* - Determine whether the account is locked because of failed
* authentication attempts, an idle lockout, or a password reset
* lockout.
* - Get, update, set, and clear the list of times that the target user has
* unsuccessfully tried to authenticate since the last successful
* authentication.
* - Get the number of remaining failed authentication attempts for the
* target user before the account is locked.
* - Get the length of time in seconds until the target user's account is
* automatically unlocked after it was locked due to failed authentication
* attempts.
* - Get, set, and clear the time that the user last authenticated to the
* server.
* - Get, set, and clear the IP address of the client from which the user
* last authenticated to the server.
* - Get the length of time in seconds until the user account may be locked
* after remaining idle.
* - Get, set, and clear the flag that controls whether the target user must
* change his/her password before being allowed to perform any other
* operations.
* - Get the length of time in seconds until the user's account is locked
* after failing to change the password after an administrative
* reset.
* - Get, update, set, and clear the times that the target user has
* authenticated using a grace login after the password had expired.
* - Retrieve the number of remaining grace logins for the user.
* - Get, set, and clear the required password change time for the target
* user.
* - Retrieve the length of time in seconds until the target user's account
* will be locked as a result of failing to comply with a password change
* by required time.
* - Get the password history count for the target user.
* - Clear the password history for the target user.
* - Get information about or purge a user's retired password.
* - Get information about which SASL mechanisms are available for a
* user.
* - Get information about which OTP delivery mechanisms are available for a
* user.
* - Determine whether a user has any TOTP shared secrets and manipulate the
* registered secrets.
* - Get, set, and clear the public IDs of any YubiKey OTP devices
* registered for a user.
* - Determine whether the user has a static password.
* - Get, set, and clear the time that the server last performed validation
* on a password provided in a bind request.
* - Get and set whether the user's account is locked because it contains a
* password that does not satisfy all of the configured password
* validators.
* - Get and clear a user's recent login history.
*
* Note that many of these methods are dependent upon the password policy
* configuration for the target user and therefore some of them may not be
* applicable for some users. For example, if password expiration is not
* enabled in the password policy associated with the target user, then
* operations that involve password expiration will have no effect and/or will
* have a return value that indicates that password expiration is not in effect.
*/
@NotMutable()
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public final class PasswordPolicyStateOperation
implements Serializable
{
/**
* The operation type that may be used to retrieve the DN of the password
* policy to which the user is subject.
*/
public static final int OP_TYPE_GET_PW_POLICY_DN = 0;
/**
* The operation type that may be used to determine whether the user account
* is disabled.
*/
public static final int OP_TYPE_GET_ACCOUNT_DISABLED_STATE = 1;
/**
* The operation type that may be used to specify whether the user account is
* disabled.
*/
public static final int OP_TYPE_SET_ACCOUNT_DISABLED_STATE = 2;
/**
* The operation type that may be used to clear the account disabled flag in
* the user's entry.
*/
public static final int OP_TYPE_CLEAR_ACCOUNT_DISABLED_STATE = 3;
/**
* The operation type that may be used to get the time that the user's account
* will expire.
*/
public static final int OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME = 4;
/**
* The operation type that may be used to set the time that the user's account
* will expire.
*/
public static final int OP_TYPE_SET_ACCOUNT_EXPIRATION_TIME = 5;
/**
* The operation type that may be used to clear the user's account expiration
* time.
*/
public static final int OP_TYPE_CLEAR_ACCOUNT_EXPIRATION_TIME = 6;
/**
* The operation type that may be used to retrieve the length of time in
* seconds until the user's account expires.
*/
public static final int OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION = 7;
/**
* The operation type that may be used to get the time that the user's
* password was last changed.
*/
public static final int OP_TYPE_GET_PW_CHANGED_TIME = 8;
/**
* The operation type that may be used to set the time that the user's
* password was last changed.
*/
public static final int OP_TYPE_SET_PW_CHANGED_TIME = 9;
/**
* The operation type that may be used to clear the password changed time in
* the user's account.
*/
public static final int OP_TYPE_CLEAR_PW_CHANGED_TIME = 10;
/**
* The operation type that may be used to get the time that the user was
* first sent a password expiration warning.
*/
public static final int OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME = 11;
/**
* The operation type that may be used to set the time that the user was
* first sent a password expiration warning.
*/
public static final int OP_TYPE_SET_PW_EXPIRATION_WARNED_TIME = 12;
/**
* The operation type that may be used to clear the password expiration warned
* time from the user's entry.
*/
public static final int OP_TYPE_CLEAR_PW_EXPIRATION_WARNED_TIME = 13;
/**
* The operation type that may be used to get the length of time in seconds
* until the user's password expires.
*/
public static final int OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION = 14;
/**
* The operation type that may be used to get the length of time in seconds
* until the user will be eligible to receive a password expiration warning.
*/
public static final int OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION_WARNING = 15;
/**
* The operation type that may be used to get the set of times that the user
* has unsuccessfully tried to authenticate since the last successful attempt.
*/
public static final int OP_TYPE_GET_AUTH_FAILURE_TIMES = 16;
/**
* The operation type that may be used to add a new authentication failure
* time to the user's account.
*/
public static final int OP_TYPE_ADD_AUTH_FAILURE_TIME = 17;
/**
* The operation type that may be used to set the set of times that the user
* has unsuccessfully tried to authenticate since the last successful attempt.
*/
public static final int OP_TYPE_SET_AUTH_FAILURE_TIMES = 18;
/**
* The operation type that may be used to clear the authentication failure
* times in the user account.
*/
public static final int OP_TYPE_CLEAR_AUTH_FAILURE_TIMES = 19;
/**
* The operation type that may be used to retrieve the length of time in
* seconds until the user's account is unlocked.
*/
public static final int OP_TYPE_GET_SECONDS_UNTIL_AUTH_FAILURE_UNLOCK = 20;
/**
* The operation type that may be used to retrieve the number of failed
* authentication attempts that the user has before the account is locked.
*/
public static final int OP_TYPE_GET_REMAINING_AUTH_FAILURE_COUNT = 21;
/**
* The operation type that may be used to retrieve the time that the user last
* authenticated to the server.
*/
public static final int OP_TYPE_GET_LAST_LOGIN_TIME = 22;
/**
* The operation type that may be used to set the time that the user last
* authenticated to the server.
*/
public static final int OP_TYPE_SET_LAST_LOGIN_TIME = 23;
/**
* The operation type that may be used to clear the last login time in the
* user's entry.
*/
public static final int OP_TYPE_CLEAR_LAST_LOGIN_TIME = 24;
/**
* The operation type that may be used to get the length of time in seconds
* until the user account is locked due to inactivity.
*/
public static final int OP_TYPE_GET_SECONDS_UNTIL_IDLE_LOCKOUT = 25;
/**
* The operation type that may be used to determine whether a user's password
* has been reset by an administrator and must be changed.
*/
public static final int OP_TYPE_GET_PW_RESET_STATE = 26;
/**
* The operation type that may be used to set the flag to indicate whether a
* user's password has been reset by an administrator and must be changed.
*/
public static final int OP_TYPE_SET_PW_RESET_STATE = 27;
/**
* The operation type that may be used to clear the password reset flag in the
* user's entry.
*/
public static final int OP_TYPE_CLEAR_PW_RESET_STATE = 28;
/**
* The operation type that may be used to get the length of time in seconds
* until the user's account is locked due to failure to change the password
* after an administrative reset.
*/
public static final int OP_TYPE_GET_SECONDS_UNTIL_PW_RESET_LOCKOUT = 29;
/**
* The operation type that may be used to retrieve the times that the user has
* authenticated using a grace login after his/her password has expired.
*/
public static final int OP_TYPE_GET_GRACE_LOGIN_USE_TIMES = 30;
/**
* The operation type that may be used add a value to the set of times that
* the user has authenticated using a grace login after his/her password has
* expired.
*/
public static final int OP_TYPE_ADD_GRACE_LOGIN_USE_TIME = 31;
/**
* The operation type that may be used to set the times that the user has
* authenticated using a grace login after his/her password has expired.
*/
public static final int OP_TYPE_SET_GRACE_LOGIN_USE_TIMES = 32;
/**
* The operation type that may be used to clear the set of times that the user
* has authenticated using a grace login after his/her password has expired.
*/
public static final int OP_TYPE_CLEAR_GRACE_LOGIN_USE_TIMES = 33;
/**
* The operation type that may be used to retrieve the number of grace logins
* available for the user.
*/
public static final int OP_TYPE_GET_REMAINING_GRACE_LOGIN_COUNT = 34;
/**
* The operation type that may be used to retrieve the last time that the
* user's password was changed during a required change period.
*/
public static final int OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME = 35;
/**
* The operation type that may be used to set the last time that the
* user's password was changed during a required change period.
*/
public static final int OP_TYPE_SET_PW_CHANGED_BY_REQUIRED_TIME = 36;
/**
* The operation type that may be used to clear the last time that the
* user's password was changed during a required change period.
*/
public static final int OP_TYPE_CLEAR_PW_CHANGED_BY_REQUIRED_TIME = 37;
/**
* The operation type that may be used to get the length of time in seconds
* until the user's account will be locked due to a failure to change the
* password by a required time.
*/
public static final int OP_TYPE_GET_SECONDS_UNTIL_REQUIRED_CHANGE_TIME = 38;
/**
* The operation type that may be used to retrieve the stored password history
* values for a user.
*
* @deprecated This operation type has been deprecated in favor of the
* {@link #OP_TYPE_GET_PW_HISTORY_COUNT} operation type.
*/
@Deprecated()
public static final int OP_TYPE_GET_PW_HISTORY = 39;
/**
* The operation type that may be used to clear the stored password history
* values for a user.
*/
public static final int OP_TYPE_CLEAR_PW_HISTORY = 40;
/**
* The operation type that may be used to determine whether a user has a valid
* retired password.
*/
public static final int OP_TYPE_HAS_RETIRED_PASSWORD = 41;
/**
* The operation type that may be used to retrieve the time that the user's
* former password was retired.
*/
public static final int OP_TYPE_GET_PASSWORD_RETIRED_TIME = 42;
/**
* The operation type that may be used to retrieve the time that the user's
* retired password will expire.
*/
public static final int OP_TYPE_GET_RETIRED_PASSWORD_EXPIRATION_TIME = 43;
/**
* The operation type that may be used to purge any retired password from the
* user's entry.
*/
public static final int OP_TYPE_PURGE_RETIRED_PASSWORD = 44;
/**
* The operation type that may be used to get the time that the user's account
* will become active.
*/
public static final int OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME = 45;
/**
* The operation type that may be used to set the time that the user's account
* will become active.
*/
public static final int OP_TYPE_SET_ACCOUNT_ACTIVATION_TIME = 46;
/**
* The operation type that may be used to clear the user's account activation
* time.
*/
public static final int OP_TYPE_CLEAR_ACCOUNT_ACTIVATION_TIME = 47;
/**
* The operation type that may be used to retrieve the length of time in
* seconds until the user's account will become active.
*/
public static final int OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_ACTIVATION = 48;
/**
* The operation type that may be used to retrieve the IP address from which
* the user last authenticated to the server.
*/
public static final int OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS = 49;
/**
* The operation type that may be used to set the IP address from which the
* user last authenticated to the server.
*/
public static final int OP_TYPE_SET_LAST_LOGIN_IP_ADDRESS = 50;
/**
* The operation type that may be used to clear the last login IP address in
* the user's entry.
*/
public static final int OP_TYPE_CLEAR_LAST_LOGIN_IP_ADDRESS = 51;
/**
* The operation type that may be used to retrieve a list of structured
* strings that provide information about notices pertaining to account
* usability.
*/
public static final int OP_TYPE_GET_ACCOUNT_USABILITY_NOTICES = 52;
/**
* The operation type that may be used to retrieve a list of structured
* strings that provide information about warnings that may affect the account
* usability.
*/
public static final int OP_TYPE_GET_ACCOUNT_USABILITY_WARNINGS = 53;
/**
* The operation type that may be used to retrieve a list of structured
* strings that provide information about errors that may affect the account
* usability.
*/
public static final int OP_TYPE_GET_ACCOUNT_USABILITY_ERRORS = 54;
/**
* The operation type that may be used to determine whether an account is
* usable (i.e., the account may authenticate or be used as an alternate
* authorization identity).
*/
public static final int OP_TYPE_GET_ACCOUNT_IS_USABLE = 55;
/**
* The operation type that may be used to determine whether an account is
* not yet active (because the account activation time is in the future).
*/
public static final int OP_TYPE_GET_ACCOUNT_IS_NOT_YET_ACTIVE = 56;
/**
* The operation type that may be used to determine whether an account is
* expired (because the account expiration time is in the past).
*/
public static final int OP_TYPE_GET_ACCOUNT_IS_EXPIRED = 57;
/**
* The operation type that may be used to determine when a user's password
* will expire.
*/
public static final int OP_TYPE_GET_PW_EXPIRATION_TIME = 58;
/**
* The operation type that may be used to determine whether a user's account
* is locked because of too many authentication failures.
*/
public static final int OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED = 59;
/**
* The operation type that may be used to specify whether a user's account
* is locked because of too many authentication failures.
*/
public static final int OP_TYPE_SET_ACCOUNT_IS_FAILURE_LOCKED = 60;
/**
* The operation type that may be used to determine the failure lockout time
* for a user account.
*/
public static final int OP_TYPE_GET_FAILURE_LOCKOUT_TIME = 61;
/**
* The operation type that may be used to determine whether a user's account
* is locked because it has been idle for too long.
*/
public static final int OP_TYPE_GET_ACCOUNT_IS_IDLE_LOCKED = 62;
/**
* The operation type that may be used to determine the idle lockout time for
* a user account.
*/
public static final int OP_TYPE_GET_IDLE_LOCKOUT_TIME = 63;
/**
* The operation type that may be used to determine whether a user's account
* is locked because the user did not change their password in a timely manner
* after an administrative reset.
*/
public static final int OP_TYPE_GET_ACCOUNT_IS_RESET_LOCKED = 64;
/**
* The operation type that may be used to determine the reset lockout time for
* a user account.
*/
public static final int OP_TYPE_GET_RESET_LOCKOUT_TIME = 65;
/**
* The operation type that may be used to retrieve the password history count
* for a user.
*/
public static final int OP_TYPE_GET_PW_HISTORY_COUNT = 66;
/**
* The operation type that may be used to determine whether a user's password
* is expired.
*/
public static final int OP_TYPE_GET_PW_IS_EXPIRED = 67;
/**
* The operation type that may be used to retrieve a list of the SASL
* mechanisms that are available for a user.
*/
public static final int OP_TYPE_GET_AVAILABLE_SASL_MECHANISMS = 68;
/**
* The operation type that may be used to retrieve a list of the one-time
* password delivery mechanisms that are available for a user.
*/
public static final int OP_TYPE_GET_AVAILABLE_OTP_DELIVERY_MECHANISMS = 69;
/**
* The operation type that may be used to determine whether a user has one or
* more TOTP shared secrets.
*/
public static final int OP_TYPE_HAS_TOTP_SHARED_SECRET = 70;
/**
* The operation type that may be used to retrieve get the set of public IDs
* for the registered YubiKey OTP devices for a user.
*/
public static final int OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS = 71;
/**
* The operation type that may be used to add a value to the set of registered
* YubiKey OTP device public IDs for a user.
*/
public static final int OP_TYPE_ADD_REGISTERED_YUBIKEY_PUBLIC_ID = 72;
/**
* The operation type that may be used to remove a value from the set of
* registered YubiKey OTP device public IDs for a user.
*/
public static final int OP_TYPE_REMOVE_REGISTERED_YUBIKEY_PUBLIC_ID = 73;
/**
* The operation type that may be used to replace the set of public IDs for
* the registered YubiKey OTP devices for a user.
*/
public static final int OP_TYPE_SET_REGISTERED_YUBIKEY_PUBLIC_IDS = 74;
/**
* The operation type that may be used to clear the set of public IDs for
* the registered YubiKey OTP devices for a user.
*/
public static final int OP_TYPE_CLEAR_REGISTERED_YUBIKEY_PUBLIC_IDS = 75;
/**
* The operation type that may be used to add a value to the set of registered
* TOTP shared secrets for a user.
*/
public static final int OP_TYPE_ADD_TOTP_SHARED_SECRET = 76;
/**
* The operation type that may be used to remove a value from the set of
* registered TOTP shared secrets for a user.
*/
public static final int OP_TYPE_REMOVE_TOTP_SHARED_SECRET = 77;
/**
* The operation type that may be used to replace the set of registered TOTP
* shared secrets for a user.
*/
public static final int OP_TYPE_SET_TOTP_SHARED_SECRETS = 78;
/**
* The operation type that may be used to clear the set of TOTP shared secrets
* for a user.
*/
public static final int OP_TYPE_CLEAR_TOTP_SHARED_SECRETS = 79;
/**
* The operation type that may be used to determine whether a user has one
* or more registered YubiKey OTP devices.
* shared secret.
*/
public static final int OP_TYPE_HAS_REGISTERED_YUBIKEY_PUBLIC_ID = 80;
/**
* The operation type that may be used to determine whether a user has a
* static password.
*/
public static final int OP_TYPE_HAS_STATIC_PASSWORD = 81;
/**
* The operation type that may be used to retrieve the time that the server
* last invoked password validation during a bind operation for a user.
*/
public static final int OP_TYPE_GET_LAST_BIND_PASSWORD_VALIDATION_TIME = 82;
/**
* The operation type that may be used to retrieve the length of time in
* seconds since the server last invoked password validation during a bind
* operation.
*/
public static final int
OP_TYPE_GET_SECONDS_SINCE_LAST_BIND_PASSWORD_VALIDATION = 83;
/**
* The operation type that may be used to set the time that the server last
* invoked password validation during a bind operation for a user.
*/
public static final int OP_TYPE_SET_LAST_BIND_PASSWORD_VALIDATION_TIME = 84;
/**
* The operation type that may be used to clear the time that the server last
* invoked password validation during a bind operation for a user.
*/
public static final int OP_TYPE_CLEAR_LAST_BIND_PASSWORD_VALIDATION_TIME = 85;
/**
* The operation type that may be used to determine whether a user's account
* is locked because it contains a password that does not satisfy all of the
* configured password validators.
*/
public static final int OP_TYPE_GET_ACCOUNT_IS_VALIDATION_LOCKED = 86;
/**
* The operation type that may be used to specify whether a user's account
* is locked because it contains a password that does not satisfy all of the
* configured password validators.
*/
public static final int OP_TYPE_SET_ACCOUNT_IS_VALIDATION_LOCKED = 87;
/**
* The operation type that may be used to retrieve a user's recent login
* history.
*/
public static final int OP_TYPE_GET_RECENT_LOGIN_HISTORY = 88;
/**
* The operation type that may be used to clear a user's recent login history.
*/
public static final int OP_TYPE_CLEAR_RECENT_LOGIN_HISTORY = 89;
/**
* The set of values that will be used if there are no values.
*/
@NotNull private static final ASN1OctetString[] NO_VALUES =
new ASN1OctetString[0];
/**
* The serial version UID for this serializable class.
*/
private static final long serialVersionUID = -7711496660183073026L;
// The set of values for this operation.
@NotNull private final ASN1OctetString[] values;
// The operation type for this operation.
private final int opType;
/**
* Creates a new password policy state operation with the specified operation
* type and no values.
*
* @param opType The operation type for this password policy state
* operation.
*/
public PasswordPolicyStateOperation(final int opType)
{
this(opType, NO_VALUES);
}
/**
* Creates a new password policy state operation with the specified operation
* type and set of values.
*
* @param opType The operation type for this password policy state
* operation.
* @param values The set of values for this password policy state operation.
*/
public PasswordPolicyStateOperation(final int opType,
@Nullable final ASN1OctetString[] values)
{
this.opType = opType;
if (values == null)
{
this.values = NO_VALUES;
}
else
{
this.values = values;
}
}
/**
* Creates a new password policy state operation that may be used to request
* the DN of the password policy configuration entry for the user. The result
* returned should include an operation of type
* {@link #OP_TYPE_GET_PW_POLICY_DN} with a single string value that is the
* DN of the password policy configuration entry.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetPasswordPolicyDNOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_POLICY_DN);
}
/**
* Creates a new password policy state operation that may be used to determine
* whether the user account is disabled. The result returned should include
* an operation of type {@link #OP_TYPE_GET_ACCOUNT_DISABLED_STATE} with a
* single boolean value of {@code true} if the account is disabled, or
* {@code false} if the account is not disabled.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetAccountDisabledStateOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_ACCOUNT_DISABLED_STATE);
}
/**
* Creates a new password policy state operation that may be used to specify
* whether the user account is disabled. The result returned should include
* an operation of type {@link #OP_TYPE_GET_ACCOUNT_DISABLED_STATE} with a
* single boolean value of {@code true} if the account has been disabled, or
* {@code false} if the account is not disabled.
*
* @param isDisabled Indicates whether the user account should be disabled.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetAccountDisabledStateOperation(
final boolean isDisabled)
{
final ASN1OctetString[] values =
{
new ASN1OctetString(String.valueOf(isDisabled))
};
return new PasswordPolicyStateOperation(OP_TYPE_SET_ACCOUNT_DISABLED_STATE,
values);
}
/**
* Creates a new password policy state operation that may be used to clear
* the user account disabled state in the user's entry. The result returned
* should include an operation of type
* {@link #OP_TYPE_GET_ACCOUNT_DISABLED_STATE} with a single boolean value of
* {@code true} if the account is disabled, or {@code false} if the account is
* not disabled.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createClearAccountDisabledStateOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_CLEAR_ACCOUNT_DISABLED_STATE);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* the time that the user's account will become active. The result returned
* should include an operation of type
* {@link #OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME} with a single string value
* that is the generalized time representation of the account activation time,
* or a {@code null} value if the account does not have an activation time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetAccountActivationTimeOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME);
}
/**
* Creates a new password policy state operation that may be used to set the
* time that the user's account expires. The result returned should include
* an operation of type {@link #OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME} with a
* single string value that is the generalized time representation of the
* account activation time, or a {@code null} value if the account does not
* have an activation time.
*
* @param expirationTime The time that the user's account should expire. It
* may be {@code null} if the server should use the
* current time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetAccountActivationTimeOperation(
@Nullable final Date expirationTime)
{
return new PasswordPolicyStateOperation(OP_TYPE_SET_ACCOUNT_ACTIVATION_TIME,
createValues(expirationTime));
}
/**
* Creates a new password policy state operation that may be used to clear
* the account expiration time in the user's entry. The result returned
* should include an operation of type
* {@link #OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME} with a single string value
* that is the generalized time representation of the account activation time,
* or a {@code null} value if the account does not have an activation time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createClearAccountActivationTimeOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_CLEAR_ACCOUNT_ACTIVATION_TIME);
}
/**
* Creates a new password policy state operation that may be used to determine
* the length of time in seconds until the user's account becomes active. The
* result returned should include an operation of type
* {@link #OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_ACTIVATION} with a single integer
* value representing the number of seconds until the account becomes active,
* or a {@code null} value if the account does not have an activation time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetSecondsUntilAccountActivationOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_ACTIVATION);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* the time that the user's account expires. The result returned should
* include an operation of type {@link #OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME}
* with a single string value that is the generalized time representation of
* the account expiration time, or a {@code null} value if the account does
* not have an expiration time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetAccountExpirationTimeOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME);
}
/**
* Creates a new password policy state operation that may be used to set the
* time that the user's account expires. The result returned should include
* an operation of type {@link #OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME} with a
* single string value that is the generalized time representation of the
* account expiration time, or a {@code null} value if the account does not
* have an expiration time.
*
* @param expirationTime The time that the user's account should expire. It
* may be {@code null} if the server should use the
* current time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetAccountExpirationTimeOperation(
@Nullable final Date expirationTime)
{
return new PasswordPolicyStateOperation(OP_TYPE_SET_ACCOUNT_EXPIRATION_TIME,
createValues(expirationTime));
}
/**
* Creates a new password policy state operation that may be used to clear
* the account expiration time in the user's entry. The result returned
* should include an operation of type
* {@link #OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME} with a single string value
* that is the generalized time representation of the account expiration time,
* or a {@code null} value if the account does not have an expiration time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createClearAccountExpirationTimeOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_CLEAR_ACCOUNT_EXPIRATION_TIME);
}
/**
* Creates a new password policy state operation that may be used to determine
* the length of time in seconds until the user's account is expired. The
* result returned should include an operation of type
* {@link #OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION} with a single integer
* value representing the number of seconds until the account will expire, or
* a {@code null} value if the account does not have an expiration time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetSecondsUntilAccountExpirationOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION);
}
/**
* Creates a new password policy state operation that may be used to determine
* when the user's password was last changed. The result returned should
* include an operation of type {@link #OP_TYPE_GET_PW_CHANGED_TIME} with a
* single string value that is the generalized time representation of the
* time the password was last changed.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetPasswordChangedTimeOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_CHANGED_TIME);
}
/**
* Creates a new password policy state operation that may be used to specify
* when the user's password was last changed. The result returned should
* include an operation of type {@link #OP_TYPE_GET_PW_CHANGED_TIME} with a
* single string value that is the generalized time representation of the
* time the password was last changed.
*
* @param passwordChangedTime The time the user's password was last changed.
* It may be {@code null} if the server should
* use the current time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetPasswordChangedTimeOperation(
@Nullable final Date passwordChangedTime)
{
return new PasswordPolicyStateOperation(OP_TYPE_SET_PW_CHANGED_TIME,
createValues(passwordChangedTime));
}
/**
* Creates a new password policy state operation that may be used to clear
* the password changed time from a user's entry. The result returned should
* include an operation of type {@link #OP_TYPE_GET_PW_CHANGED_TIME} with a
* single string value that is the generalized time representation of the
* time the password was last changed, or {@code null} if it can no longer be
* determined.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createClearPasswordChangedTimeOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_PW_CHANGED_TIME);
}
/**
* Creates a new password policy state operation that may be used to determine
* when the user first received a password expiration warning. The result
* returned should include an operation of type
* {@link #OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME} with a single string value
* that is the generalized time representation of the time the user received
* the first expiration warning.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetPasswordExpirationWarnedTimeOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME);
}
/**
* Creates a new password policy state operation that may be used to specify
* when the user first received a password expiration warning. The result
* returned should include an operation of type
* {@link #OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME} with a single string value
* that is the generalized time representation of the time the user received
* the first expiration warning.
*
* @param passwordExpirationWarnedTime The password expiration warned time
* for the user. It may be {@code null}
* if the server should use the current
* time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetPasswordExpirationWarnedTimeOperation(
@Nullable final Date passwordExpirationWarnedTime)
{
return new PasswordPolicyStateOperation(
OP_TYPE_SET_PW_EXPIRATION_WARNED_TIME,
createValues(passwordExpirationWarnedTime));
}
/**
* Creates a new password policy state operation that may be used to clear the
* password expiration warned time from the user's entry. The result returned
* should include an operation of type
* {@link #OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME} with a single string value
* that is the generalized time representation of the time the user received
* the first expiration warning.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createClearPasswordExpirationWarnedTimeOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_CLEAR_PW_EXPIRATION_WARNED_TIME);
}
/**
* Creates a new password policy state operation that may be used to determine
* the length of time in seconds until the user's password expires. The
* result returned should include an operation of type
* {@link #OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION} with a single integer
* value that is the number of seconds until the user's password expires, or
* a {@code null} value if the user's password will not expire.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetSecondsUntilPasswordExpirationOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION);
}
/**
* Creates a new password policy state operation that may be used to determine
* the length of time in seconds until the user is eligible to start receiving
* password expiration warnings. The result returned should include an
* operation of type {@link #OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION_WARNING}
* with a single integer value that is the number of seconds until the user is
* eligible to receive the first expiration warning, or a {@code null} value
* if the user's password will not expire.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetSecondsUntilPasswordExpirationWarningOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION_WARNING);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* the times that the user has unsuccessfully tried to authenticate since the
* last successful authentication. The result returned should include an
* operation of type {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} with an array of
* string values representing the timestamps (in generalized time format) of
* the authentication failures.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetAuthenticationFailureTimesOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_AUTH_FAILURE_TIMES);
}
/**
* Creates a new password policy state operation that may be used to add the
* current time to the set of times that the user has unsuccessfully tried to
* authenticate since the last successful authentication. The result returned
* should include an operation of type {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES}
* with an array of string values representing the timestamps (in generalized
* time format) of the authentication failures.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createAddAuthenticationFailureTimeOperation()
{
return createAddAuthenticationFailureTimeOperation(null);
}
/**
* Creates a new password policy state operation that may be used to add the
* specified values to the set of times that the user has unsuccessfully tried
* to authenticate since the last successful authentication. The result
* returned should include an operation of type
* {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} with an array of string values
* representing the timestamps (in generalized time format) of the
* authentication failures.
*
* @param authFailureTimes The set of authentication failure time values to
* add. It may be {@code null} or empty if the
* server should add the current time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createAddAuthenticationFailureTimeOperation(
@Nullable final Date[] authFailureTimes)
{
return new PasswordPolicyStateOperation(OP_TYPE_ADD_AUTH_FAILURE_TIME,
createValues(authFailureTimes));
}
/**
* Creates a new password policy state operation that may be used to specify
* the set of times that the user has unsuccessfully tried to authenticate
* since the last successful authentication. The result returned should
* include an operation of type {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} with
* an array of string values representing the timestamps (in generalized time
* format) of the authentication failures.
*
* @param authFailureTimes The set of times that the user has unsuccessfully
* tried to authenticate since the last successful
* authentication. It may be {@code null} or empty
* if the server should use the current time as the
* only failure time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetAuthenticationFailureTimesOperation(
@Nullable final Date[] authFailureTimes)
{
return new PasswordPolicyStateOperation(OP_TYPE_SET_AUTH_FAILURE_TIMES,
createValues(authFailureTimes));
}
/**
* Creates a new password policy state operation that may be used to clear the
* set of times that the user has unsuccessfully tried to authenticate since
* the last successful authentication. The result returned should include an
* operation of type {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} with an array of
* string values representing the timestamps (in generalized time format) of
* the authentication failures.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createClearAuthenticationFailureTimesOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_AUTH_FAILURE_TIMES);
}
/**
* Creates a new password policy state operation that may be used to determine
* the length of time in seconds until the user's account is automatically
* unlocked after too many failed authentication attempts. The result
* returned should include an operation of type
* {@link #OP_TYPE_GET_SECONDS_UNTIL_AUTH_FAILURE_UNLOCK} with a single
* integer value that represents the number of seconds until the account
* becomes unlocked, or a {@code null} value if the account is not temporarily
* locked as a result of authentication failures.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetSecondsUntilAuthenticationFailureUnlockOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_SECONDS_UNTIL_AUTH_FAILURE_UNLOCK);
}
/**
* Creates a new password policy state operation that may be used to determine
* the number of authentication failures required to lock the user's account.
* The result returned should include an operation of type
* {@link #OP_TYPE_GET_REMAINING_AUTH_FAILURE_COUNT} with a single integer
* value that represents the number of authentication failures that a user
* will be permitted before the account is locked, or a {@code null} value if
* the password policy is not configured to lock accounts as a result of too
* many failed authentication attempts.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetRemainingAuthenticationFailureCountOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_REMAINING_AUTH_FAILURE_COUNT);
}
/**
* Creates a new password policy state operation that may be used to determine
* the time that the user last successfully authenticated to the server. The
* result returned should include an operation of type
* {@link #OP_TYPE_GET_LAST_LOGIN_TIME} with a single string value that is
* the generalized time representation of the user's last login time, or a
* {@code null} value if no last login time is available.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation createGetLastLoginTimeOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_LAST_LOGIN_TIME);
}
/**
* Creates a new password policy state operation that may be used to set
* the time that the user last successfully authenticated to the server. The
* result returned should include an operation of type
* {@link #OP_TYPE_GET_LAST_LOGIN_TIME} with a single string value that is
* the generalized time representation of the user's last login time, or a
* {@code null} value if no last login time is available.
*
* @param lastLoginTime The last login time to set in the user's entry. It
* may be {@code null} if the server should use the
* current time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetLastLoginTimeOperation(
@Nullable final Date lastLoginTime)
{
return new PasswordPolicyStateOperation(OP_TYPE_SET_LAST_LOGIN_TIME,
createValues(lastLoginTime));
}
/**
* Creates a new password policy state operation that may be used to clear
* the last login time from the user's entry. The result returned should
* include an operation of type {@link #OP_TYPE_GET_LAST_LOGIN_TIME} with a
* single string value that is the generalized time representation of the
* user's last login time, or a {@code null} value if no last login time is
* available.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation createClearLastLoginTimeOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_LAST_LOGIN_TIME);
}
/**
* Creates a new password policy state operation that may be used to determine
* the IP address from which the user last successfully authenticated to the
* server. The result returned should include an operation of type
* {@link #OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS} with a single string value that
* is the user's last login IP address, or a {@code null} value if no last
* login IP address is available.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetLastLoginIPAddressOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS);
}
/**
* Creates a new password policy state operation that may be used to set
* the IP address from which the user last successfully authenticated to the
* server. The result returned should include an operation of type
* {@link #OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS} with a single string value that
* is the user's last login IP address, or a {@code null} value if no last
* login IP address is available.
*
* @param lastLoginIPAddress The last login IP address to set in the user's
* entry. It must not be {@code null}.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetLastLoginIPAddressOperation(
@NotNull final String lastLoginIPAddress)
{
final ASN1OctetString[] values =
{
new ASN1OctetString(lastLoginIPAddress)
};
return new PasswordPolicyStateOperation(OP_TYPE_SET_LAST_LOGIN_IP_ADDRESS,
values);
}
/**
* Creates a new password policy state operation that may be used to clear
* the last login IP address from the user's entry. The result returned
* should include an operation of type
* {@link #OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS} with a single string value that
* is the user's last login IP address, or a {@code null} value if no last
* login IP address is available.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createClearLastLoginIPAddressOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_CLEAR_LAST_LOGIN_IP_ADDRESS);
}
/**
* Creates a new password policy state operation that may be used to determine
* the length of time in seconds until the user's account is locked due to
* inactivity. The result returned should include an operation of type
* {@link #OP_TYPE_GET_SECONDS_UNTIL_IDLE_LOCKOUT} with a single integer value
* that represents the number of seconds until the user's account is locked as
* a result of being idle for too long, or a {@code null} value if no idle
* account lockout is configured.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetSecondsUntilIdleLockoutOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_SECONDS_UNTIL_IDLE_LOCKOUT);
}
/**
* Creates a new password policy state operation that may be used to determine
* whether the user's password has been reset by an administrator and must be
* changed before performing any other operations. The result returned should
* include an operation of type {@link #OP_TYPE_GET_PW_RESET_STATE} with a
* single boolean value of {@code true} if the user's password must be changed
* before the account can be used, or {@code false} if not.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetPasswordResetStateOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_RESET_STATE);
}
/**
* Creates a new password policy state operation that may be used to specify
* whether the user's password has been reset by an administrator and must be
* changed before performing any other operations. The result returned should
* include an operation of type {@link #OP_TYPE_GET_PW_RESET_STATE} with a
* single boolean value of {@code true} if the user's password must be changed
* before the account can be used, or {@code false} if not.
*
* @param isReset Specifies whether the user's password must be changed
* before performing any other operations.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetPasswordResetStateOperation(final boolean isReset)
{
final ASN1OctetString[] values =
{
new ASN1OctetString(String.valueOf(isReset))
};
return new PasswordPolicyStateOperation(OP_TYPE_SET_PW_RESET_STATE, values);
}
/**
* Creates a new password policy state operation that may be used to clear the
* password reset state information in the user's entry. The result returned
* should include an operation of type {@link #OP_TYPE_GET_PW_RESET_STATE}
* with a single boolean value of {@code true} if the user's password must be
* changed before the account can be used, or {@code false} if not.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createClearPasswordResetStateOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_PW_RESET_STATE);
}
/**
* Creates a new password policy state operation that may be used to determine
* the length of time in seconds that the user has left to change his/her
* password after an administrative reset before the account is locked. The
* result returned should include an operation of type
* {@link #OP_TYPE_GET_SECONDS_UNTIL_PW_RESET_LOCKOUT} with a single integer
* value that represents the number of seconds until the user's account will
* be locked unless the password is reset, or a {@code null} value if the
* user's password is not in a "must change" state.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetSecondsUntilPasswordResetLockoutOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_SECONDS_UNTIL_PW_RESET_LOCKOUT);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* the set of times that the user has authenticated using grace logins since
* his/her password expired. The result returned should include an operation
* of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES} with an array of string
* values in generalized time format.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetGraceLoginUseTimesOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_GRACE_LOGIN_USE_TIMES);
}
/**
* Creates a new password policy state operation that may be used to add the
* current time to the set of times that the user has authenticated using
* grace logins since his/her password expired. The result returned should
* include an operation of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES}
* with an array of string values in generalized time format.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createAddGraceLoginUseTimeOperation()
{
return createAddGraceLoginUseTimeOperation(null);
}
/**
* Creates a new password policy state operation that may be used to add the
* current time to the set of times that the user has authenticated using
* grace logins since his/her password expired. The result returned should
* include an operation of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES}
* with an array of string values in generalized time format.
*
* @param graceLoginUseTimes The set of grace login use times to add. It
* may be {@code null} or empty if the server
* should add the current time to the set of grace
* login times.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createAddGraceLoginUseTimeOperation(
@Nullable final Date[] graceLoginUseTimes)
{
return new PasswordPolicyStateOperation(OP_TYPE_ADD_GRACE_LOGIN_USE_TIME,
createValues(graceLoginUseTimes));
}
/**
* Creates a new password policy state operation that may be used to specify
* the set of times that the user has authenticated using grace logins since
* his/her password expired. The result returned should include an operation
* of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES} with an array of string
* values in generalized time format.
*
* @param graceLoginUseTimes The set of times that the user has
* authenticated using grace logins since his/her
* password expired. It amy be {@code null} or
* empty if the server should use the current time
* as the only grace login use time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetGraceLoginUseTimesOperation(
@Nullable final Date[] graceLoginUseTimes)
{
return new PasswordPolicyStateOperation(OP_TYPE_SET_GRACE_LOGIN_USE_TIMES,
createValues(graceLoginUseTimes));
}
/**
* Creates a new password policy state operation that may be used to clear
* the set of times that the user has authenticated using grace logins since
* his/her password expired. The result returned should include an operation
* of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES} with an array of string
* values in generalized time format.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createClearGraceLoginUseTimesOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_CLEAR_GRACE_LOGIN_USE_TIMES);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* the number of remaining grace logins available to the user. The result
* returned should include an operation of type
* {@link #OP_TYPE_GET_REMAINING_GRACE_LOGIN_COUNT} with a single integer
* value that represents the number of remaining grace logins, or a
* {@code null} value if grace login functionality is not enabled for the
* user.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetRemainingGraceLoginCountOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_REMAINING_GRACE_LOGIN_COUNT);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* the last required password change time that with which the user has
* complied. The result returned should include an operation of type
* {@link #OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME} with a single string
* value that is the generalized time representation of the most recent
* required password change time with which the user complied, or a
* {@code null} value if this is not available for the user.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetPasswordChangedByRequiredTimeOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME);
}
/**
* Creates a new password policy state operation that may be used to update
* the user's entry to indicate that he/she has complied with the required
* password change time. The result returned should include an operation of
* type {@link #OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME} with a single string
* value that is the generalized time representation of the most recent
* required password change time with which the user complied, or a
* {@code null} value if this is not available for the user.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetPasswordChangedByRequiredTimeOperation()
{
return createSetPasswordChangedByRequiredTimeOperation(null);
}
/**
* Creates a new password policy state operation that may be used to update
* the user's entry to indicate that he/she has complied with the required
* password change time. The result returned should include an operation of
* type {@link #OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME} with a single string
* value that is the generalized time representation of the most recent
* required password change time with which the user complied, or a
* {@code null} value if this is not available for the user.
*
* @param requiredTime The required password changed time with which the
* user has complied. It may be {@code null} if the
* server should use the most recent required change
* time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetPasswordChangedByRequiredTimeOperation(
@Nullable final Date requiredTime)
{
return new PasswordPolicyStateOperation(
OP_TYPE_SET_PW_CHANGED_BY_REQUIRED_TIME, createValues(requiredTime));
}
/**
* Creates a new password policy state operation that may be used to clear
* the last required password change time from the user's entry. The result
* returned should include an operation of type
* {@link #OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME} with a single string value
* that is the generalized time representation of the most recent required
* password change time with which the user complied, or a {@code null} value
* if this is not available for the user.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createClearPasswordChangedByRequiredTimeOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_CLEAR_PW_CHANGED_BY_REQUIRED_TIME);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* the length of time in seconds until the required password change time
* arrives. The result returned should include an operation of type
* {@link #OP_TYPE_GET_SECONDS_UNTIL_REQUIRED_CHANGE_TIME} with a single
* integer value that represents the number of seconds before the user will
* be required to change his/her password as a result of the
* require-change-by-time property, or a {@code null} value if the user is
* not required to change their password for this reason.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetSecondsUntilRequiredChangeTimeOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_SECONDS_UNTIL_REQUIRED_CHANGE_TIME);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* the password history values stored in the user's entry. The result
* returned should include an operation of type
* {@link #OP_TYPE_GET_PW_HISTORY} with an array of strings representing the
* user's password history content.
*
* @return The created password policy state operation.
*
* @deprecated This method has been deprecated in favor of the
* {@link #createGetPasswordHistoryCountOperation} method.
*/
@Deprecated()
@SuppressWarnings("deprecation")
@NotNull()
public static PasswordPolicyStateOperation createGetPasswordHistoryOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_HISTORY);
}
/**
* Creates a new password policy state operation that may be used to clear the
* password history values stored in the user's entry. The result returned
* should include an operation of type {@link #OP_TYPE_GET_PW_HISTORY} with an
* array of strings representing the user's password history content.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createClearPasswordHistoryOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_PW_HISTORY);
}
/**
* Creates a new password policy state operation that may be used to determine
* whether the user has a valid retired password. The result returned should
* include an operation of type {@link #OP_TYPE_HAS_RETIRED_PASSWORD} with a
* single boolean value of {@code true} if the user has a valid retired
* password, or {@code false} if not.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation createHasRetiredPasswordOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_HAS_RETIRED_PASSWORD);
}
/**
* Creates a new password policy state operation that may be used to determine
* the time that the user's former password was retired. The result returned
* should include an operation of type
* {@link #OP_TYPE_GET_PASSWORD_RETIRED_TIME} with a single string value that
* is the generalized time representation of the time the user's former
* password was retired, or a {@code null} value if the user does not have a
* valid retired password.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetPasswordRetiredTimeOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_PASSWORD_RETIRED_TIME);
}
/**
* Creates a new password policy state operation that may be used to determine
* the length of time until the user's retired password expires. The result
* returned should include an operation of type
* {@link #OP_TYPE_GET_RETIRED_PASSWORD_EXPIRATION_TIME} with a single string
* value that is the generalized time representation of the time the user's
* retired password will cease to be valid, or a {@code null} value if the
* user does not have a valid retired password.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetRetiredPasswordExpirationTimeOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_RETIRED_PASSWORD_EXPIRATION_TIME);
}
/**
* Creates a new password policy state operation that may be used to purge
* any retired password from the user's entry. The result returned should
* include an operation of type {@link #OP_TYPE_HAS_RETIRED_PASSWORD} with a
* single boolean value of {@code true} if the user has a valid retired
* password, or {@code false} if not.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createPurgeRetiredPasswordOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_PURGE_RETIRED_PASSWORD);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* information about any password policy state notices pertaining to the
* usability of the user's account. The result returned should include an
* operation of type {@link #OP_TYPE_GET_ACCOUNT_USABILITY_NOTICES} with an
* array of strings that represent
* {@link PasswordPolicyStateAccountUsabilityWarning} values.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetAccountUsabilityNoticesOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_ACCOUNT_USABILITY_NOTICES);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* information about any password policy state warnings that may impact the
* usability of the user's account. The result returned should include an
* operation of type {@link #OP_TYPE_GET_ACCOUNT_USABILITY_WARNINGS} with an
* array of strings that represent
* {@link PasswordPolicyStateAccountUsabilityWarning} values.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetAccountUsabilityWarningsOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_ACCOUNT_USABILITY_WARNINGS);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* information about any password policy state errors that may impact the
* usability of the user's account. The result returned should include an
* operation of type {@link #OP_TYPE_GET_ACCOUNT_USABILITY_ERRORS} with an
* array of strings that represent
* {@link PasswordPolicyStateAccountUsabilityError} values.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetAccountUsabilityErrorsOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_ACCOUNT_USABILITY_ERRORS);
}
/**
* Creates a new password policy state operation that may be used to determine
* whether an account is usable (i.e., the account will be allowed to
* authenticate and/or be used as an alternate authorization identity. The
* result returned should include an operation of type
* {@link #OP_TYPE_GET_ACCOUNT_IS_USABLE} with a single boolean value that
* indicates whether the account is usable.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetAccountIsUsableOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_ACCOUNT_IS_USABLE);
}
/**
* Creates a new password policy state operation that may be used to determine
* whether an account has an activation time that is in the future. The
* result returned should include an operation of type
* {@link #OP_TYPE_GET_ACCOUNT_IS_NOT_YET_ACTIVE} with a single boolean value
* that indicates whether the account is not yet active.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetAccountIsNotYetActiveOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_ACCOUNT_IS_NOT_YET_ACTIVE);
}
/**
* Creates a new password policy state operation that may be used to determine
* whether an account has an expiration time that is in the past. The result
* returned should include an operation of type
* {@link #OP_TYPE_GET_ACCOUNT_IS_EXPIRED} with a single boolean value that
* indicates whether the account is expired.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetAccountIsExpiredOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_ACCOUNT_IS_EXPIRED);
}
/**
* Creates a new password policy state operation that may be used to determine
* when a user's password is expected to expire. The result returned should
* include an operation of type {@link #OP_TYPE_GET_PW_EXPIRATION_TIME} with a
* single string value that is the generalized time representation of the
* password expiration time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetPasswordExpirationTimeOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_EXPIRATION_TIME);
}
/**
* Creates a new password policy state operation that may be used to determine
* whether an account has been locked because of too many failed
* authentication attempts. The result returned should include an operation
* of type {@link #OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED} with a single
* boolean value that indicates whether the account is failure locked.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetAccountIsFailureLockedOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED);
}
/**
* Creates a new password policy state operation that may be used to specify
* whether an account should be locked because of too many failed
* authentication attempts. The result returned should include an operation
* of type {@link #OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED} with a single
* boolean value that indicates whether the account is failure locked.
*
* @param isFailureLocked Indicates whether the account should be locked
* because of too many failed attempts.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetAccountIsFailureLockedOperation(
final boolean isFailureLocked)
{
final ASN1OctetString[] values =
{
new ASN1OctetString(String.valueOf(isFailureLocked))
};
return new PasswordPolicyStateOperation(
OP_TYPE_SET_ACCOUNT_IS_FAILURE_LOCKED, values);
}
/**
* Creates a new password policy state operation that may be used to determine
* when a user's password is was locked because of too many failed
* authentication attempts. The result returned should include an operation
* of type {@link #OP_TYPE_GET_FAILURE_LOCKOUT_TIME} with a single string
* value that is the generalized time representation of the failure lockout
* time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetFailureLockoutTimeOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_FAILURE_LOCKOUT_TIME);
}
/**
* Creates a new password policy state operation that may be used to determine
* whether an account has been locked because it has remained idle for too
* long. The result returned should include an operation of type
* {@link #OP_TYPE_GET_ACCOUNT_IS_IDLE_LOCKED} with a single boolean value
* that indicates whether the account is idle locked.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetAccountIsIdleLockedOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_ACCOUNT_IS_IDLE_LOCKED);
}
/**
* Creates a new password policy state operation that may be used to determine
* when a user's password is was locked because of the idle account lockout.
* The result returned should include an operation of type
* {@link #OP_TYPE_GET_IDLE_LOCKOUT_TIME} with a single string value that is
* the generalized time representation of the idle lockout time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetIdleLockoutTimeOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_IDLE_LOCKOUT_TIME);
}
/**
* Creates a new password policy state operation that may be used to determine
* whether an account has been locked because the user failed to change their
* password in a timely manner after an administrative reset. The result
* returned should include an operation of type
* {@link #OP_TYPE_GET_ACCOUNT_IS_RESET_LOCKED} with a single boolean value
* that indicates whether the account is reset locked.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetAccountIsResetLockedOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_ACCOUNT_IS_RESET_LOCKED);
}
/**
* Creates a new password policy state operation that may be used to determine
* when a user's password is was locked because the user failed to change
* their password in a timely manner after an administrative reset. The
* result returned should include an operation of type
* {@link #OP_TYPE_GET_RESET_LOCKOUT_TIME} with a single string value that is
* the generalized time representation of the reset lockout time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetResetLockoutTimeOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_RESET_LOCKOUT_TIME);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* the number of passwords currently held in a user's password history. The
* result returned should include an operation of type
* {@link #OP_TYPE_GET_PW_HISTORY_COUNT} with a single integer value that
* represents the number of passwords in the history, or a {@code null} value
* if a password history is not enabled for the user.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetPasswordHistoryCountOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_HISTORY_COUNT);
}
/**
* Creates a new password policy state operation that may be used to determine
* whether a user's password is expired. The result returned should include
* an operation of type {@link #OP_TYPE_GET_PW_IS_EXPIRED} with a single
* Boolean value that indicates whether the password is expired, or a
* {@code null} value if password expiration is not enabled for the user.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetPasswordIsExpiredOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_IS_EXPIRED);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* a list of the SASL mechanisms that are available for a user. This will
* take into consideration the server's configuration, the types of
* credentials that a user has, and per-user constraints and preferences.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetAvailableSASLMechanismsOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_AVAILABLE_SASL_MECHANISMS);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* a list of the one-time password delivery mechanisms that are available for
* a user. If the user's entry includes information about which OTP delivery
* mechanisms are preferred, the list will be ordered from most preferred to
* least preferred.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetAvailableOTPDeliveryMechanismsOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_AVAILABLE_OTP_DELIVERY_MECHANISMS);
}
/**
* Creates a new password policy state operation that may be used to determine
* whether the user has at least one TOTP shared secret. The result returned
* should include an operation of type {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET}
* with a single boolean value of {@code true} if the user has one or more
* TOTP shared secrets, or {@code false} if not.
*
* @return The created password policy state operation.
*
* @deprecated Use {@link #createHasTOTPSharedSecretOperation} instead.
*/
@Deprecated()
@NotNull()
public static PasswordPolicyStateOperation createHasTOTPSharedSecret()
{
return new PasswordPolicyStateOperation(OP_TYPE_HAS_TOTP_SHARED_SECRET);
}
/**
* Creates a new password policy state operation that may be used to determine
* whether the user has at least one TOTP shared secret. The result returned
* should include an operation of type {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET}
* with a single boolean value of {@code true} if the user has one or more
* TOTP shared secrets, or {@code false} if not.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createHasTOTPSharedSecretOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_HAS_TOTP_SHARED_SECRET);
}
/**
* Creates a new password policy state operation that may be used to add one
* or more values to the set of TOTP shared secrets for a user. The result
* returned should include an operation of type
* {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} with a single boolean value of
* {@code true} if the user has one or more TOTP shared secrets, or
* {@code false} if not.
*
* @param totpSharedSecrets The base32-encoded representations of the TOTP
* shared secrets to add to the user. It must not
* be {@code null} or empty.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createAddTOTPSharedSecretOperation(
@NotNull final String... totpSharedSecrets)
{
final ASN1OctetString[] values =
new ASN1OctetString[totpSharedSecrets.length];
for (int i=0; i < totpSharedSecrets.length; i++)
{
values[i] = new ASN1OctetString(totpSharedSecrets[i]);
}
return new PasswordPolicyStateOperation(OP_TYPE_ADD_TOTP_SHARED_SECRET,
values);
}
/**
* Creates a new password policy state operation that may be used to remove
* one or more values from the set of TOTP shared secrets for a user. The
* result returned should include an operation of type
* {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} with a single boolean value of
* {@code true} if the user has one or more TOTP shared secrets, or
* {@code false} if not.
*
* @param totpSharedSecrets The base32-encoded representations of the TOTP
* shared secrets to remove from the user. It must
* not be {@code null} or empty.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createRemoveTOTPSharedSecretOperation(
@NotNull final String... totpSharedSecrets)
{
final ASN1OctetString[] values =
new ASN1OctetString[totpSharedSecrets.length];
for (int i=0; i < totpSharedSecrets.length; i++)
{
values[i] = new ASN1OctetString(totpSharedSecrets[i]);
}
return new PasswordPolicyStateOperation(OP_TYPE_REMOVE_TOTP_SHARED_SECRET,
values);
}
/**
* Creates a new password policy state operation that may be used to replace
* the set of TOTP shared secrets for a user. The result returned should
* include an operation of type {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} with a
* single boolean value of {@code true} if the user has one or more TOTP
* shared secrets, or {@code false} if not.
*
* @param totpSharedSecrets The base32-encoded representations of the TOTP
* shared secrets for the user. It must not be
* {@code null} but may be empty.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetTOTPSharedSecretsOperation(
@NotNull final String... totpSharedSecrets)
{
final ASN1OctetString[] values =
new ASN1OctetString[totpSharedSecrets.length];
for (int i=0; i < totpSharedSecrets.length; i++)
{
values[i] = new ASN1OctetString(totpSharedSecrets[i]);
}
return new PasswordPolicyStateOperation(OP_TYPE_SET_TOTP_SHARED_SECRETS,
values);
}
/**
* Creates a new password policy state operation that may be used to clear
* the set of TOTP shared secrets for a user. The result returned should
* include an operation of type {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} with a
* single boolean value of {@code true} if the user has one or more TOTP
* shared secrets, or {@code false} if not.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createClearTOTPSharedSecretsOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_TOTP_SHARED_SECRETS);
}
/**
* Creates a new password policy state operation that may be used to determine
* whether the user has at least one registered YubiKey OTP device. The
* result returned should include an operation of type
* {@link #OP_TYPE_HAS_REGISTERED_YUBIKEY_PUBLIC_ID}
* with a single boolean value of {@code true} if the user has one or more
* registered devices, or {@code false} if not.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation createHasYubiKeyPublicIDOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_HAS_REGISTERED_YUBIKEY_PUBLIC_ID);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* the public IDs of the YubiKey OTP devices registered for a user. The
* result returned should include an operation of type
* {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with an array of string
* values that represent the public IDs of the registered YubiKey OTP devices.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetRegisteredYubiKeyPublicIDsOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS);
}
/**
* Creates a new password policy state operation that may be used to add one
* or more values to the set of the public IDs of the YubiKey OTP devices
* registered for a user. The result returned should include an operation of
* type {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with an array of
* string values that represent the public IDs of the registered YubiKey OTP
* devices.
*
* @param publicIDs The set of public IDs to add to the set of YubiKey OTP
* devices registered for the user. It must not be
* {@code null} or empty.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createAddRegisteredYubiKeyPublicIDOperation(
@NotNull final String... publicIDs)
{
final ASN1OctetString[] values = new ASN1OctetString[publicIDs.length];
for (int i=0; i < publicIDs.length; i++)
{
values[i] = new ASN1OctetString(publicIDs[i]);
}
return new PasswordPolicyStateOperation(
OP_TYPE_ADD_REGISTERED_YUBIKEY_PUBLIC_ID, values);
}
/**
* Creates a new password policy state operation that may be used to remove
* one or more values from the set of the public IDs of the YubiKey OTP
* devices registered for a user. The result returned should include an
* operation of type {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with
* an array of string values that represent the public IDs of the registered
* YubiKey OTP devices.
*
* @param publicIDs The set of public IDs to remove from the set of YubiKey
* OTP devices registered for the user. It must not be
* {@code null} or empty.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createRemoveRegisteredYubiKeyPublicIDOperation(
@NotNull final String... publicIDs)
{
final ASN1OctetString[] values = new ASN1OctetString[publicIDs.length];
for (int i=0; i < publicIDs.length; i++)
{
values[i] = new ASN1OctetString(publicIDs[i]);
}
return new PasswordPolicyStateOperation(
OP_TYPE_REMOVE_REGISTERED_YUBIKEY_PUBLIC_ID, values);
}
/**
* Creates a new password policy state operation that may be used to replace
* the set of the public IDs of the YubiKey OTP devices registered for a user.
* The result returned should include an operation of type
* {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with an array of string
* values that represent the public IDs of the registered YubiKey OTP devices.
*
* @param publicIDs The set of public IDs for the YubiKey OTP devices
* registered for the user. It must not be {@code null}
* but may be empty.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetRegisteredYubiKeyPublicIDsOperation(
@NotNull final String... publicIDs)
{
final ASN1OctetString[] values = new ASN1OctetString[publicIDs.length];
for (int i=0; i < publicIDs.length; i++)
{
values[i] = new ASN1OctetString(publicIDs[i]);
}
return new PasswordPolicyStateOperation(
OP_TYPE_SET_REGISTERED_YUBIKEY_PUBLIC_IDS, values);
}
/**
* Creates a new password policy state operation that may be used to clear
* the set of the public IDs of the YubiKey OTP devices registered for a user.
* The result returned should include an operation of type
* {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with an array of string
* values that represent the public IDs of the registered YubiKey OTP devices.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createClearRegisteredYubiKeyPublicIDsOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_CLEAR_REGISTERED_YUBIKEY_PUBLIC_IDS);
}
/**
* Creates a new password policy state operation that may be used to determine
* whether the user has a static password. The result should include an
* operation of type {@link #OP_TYPE_HAS_STATIC_PASSWORD} with a single
* boolean value of {@code true} if the user has a static password, or
* {@code false} if not.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation createHasStaticPasswordOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_HAS_STATIC_PASSWORD);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* the time that the server last invoked password validators during a bind
* operation for the target user. The result should include an operation of
* type {@link #OP_TYPE_GET_LAST_BIND_PASSWORD_VALIDATION_TIME} with a
* single string value that is the generalized time representation of the last
* bind password validation time, or a {@code null} value if the account does
* not have a last bind password validation time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetLastBindPasswordValidationTimeOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_LAST_BIND_PASSWORD_VALIDATION_TIME);
}
/**
* Creates a new password policy state operation that may be used to determine
* the length of time in seconds since the server last invoked password
* validators during a bind operation for the target user. The result should
* include an operation of type
* {@link #OP_TYPE_GET_SECONDS_SINCE_LAST_BIND_PASSWORD_VALIDATION} with a
* single integer value representing the number of seconds since the last
* bind password validation time, or a {@code null} value if the account does
* not have a last bind password validation time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetSecondsSinceLastBindPasswordValidationOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_SECONDS_SINCE_LAST_BIND_PASSWORD_VALIDATION);
}
/**
* Creates a new password policy state operation that may be used to set the
* time that the server last invoked password validators during a bind
* operation for the target user. The result returned should include an
* operation of type {@link #OP_TYPE_GET_LAST_BIND_PASSWORD_VALIDATION_TIME}
* with a single string value that is the generalized time representation of
* the last bind password validation time, or a {@code null} value if the
* account does not have a last bind password validation time.
*
* @param validationTime The time that the server last invoke password
* validators during a bind operation for the target
* user. It may be {@code null} if the server should
* use the current time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetLastBindPasswordValidationTimeOperation(
@Nullable final Date validationTime)
{
return new PasswordPolicyStateOperation(
OP_TYPE_SET_LAST_BIND_PASSWORD_VALIDATION_TIME,
createValues(validationTime));
}
/**
* Creates a new password policy state operation that may be used to clear the
* last bind password validation time in the user's entry. The result
* returned should include an operation of type
* {@link #OP_TYPE_GET_LAST_BIND_PASSWORD_VALIDATION_TIME} with a single
* string value that is the generalized time representation of the last bind
* password validation time, or a {@code null} value if the account does not
* have a last bind password validation time.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createClearLastBindPasswordValidationTimeOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_CLEAR_LAST_BIND_PASSWORD_VALIDATION_TIME);
}
/**
* Creates a new password policy state operation that may be used to determine
* whether an account has been locked because it contains a password that does
* not satisfy all of the configured password validators. The result returned
* should include an operation of type
* {@link #OP_TYPE_GET_ACCOUNT_IS_VALIDATION_LOCKED} with a single boolean
* value that indicates whether the account is validation locked.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetAccountIsValidationLockedOperation()
{
return new PasswordPolicyStateOperation(
OP_TYPE_GET_ACCOUNT_IS_VALIDATION_LOCKED);
}
/**
* Creates a new password policy state operation that may be used to specify
* whether an account should be locked because it contains a password that
* does not satisfy all of the configured password validators. The result
* authentication attempts. The result returned should include an operation
* of type {@link #OP_TYPE_SET_ACCOUNT_IS_VALIDATION_LOCKED} with a single
* boolean value that indicates whether the account is validation locked.
*
* @param isValidationLocked Indicates whether the account should be locked
* because it contains a password that does not
* satisfy all of the configured password
* validators.
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createSetAccountIsValidationLockedOperation(
final boolean isValidationLocked)
{
final ASN1OctetString[] values =
{
new ASN1OctetString(String.valueOf(isValidationLocked))
};
return new PasswordPolicyStateOperation(
OP_TYPE_SET_ACCOUNT_IS_VALIDATION_LOCKED, values);
}
/**
* Creates a new password policy state operation that may be used to retrieve
* the recent login history for a user. The result returned should include an
* operation of type {@link #OP_TYPE_GET_RECENT_LOGIN_HISTORY} with a single
* string value that is a JSON object that represents the user's recent login
* history/
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createGetRecentLoginHistoryOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_GET_RECENT_LOGIN_HISTORY);
}
/**
* Creates a new password policy state operation that may be used to clear
* the recent login history for a user. The result returned should include an
* operation of type {@link #OP_TYPE_GET_RECENT_LOGIN_HISTORY} with a single
* string value that is a JSON object that represents the user's recent login
* history/
*
* @return The created password policy state operation.
*/
@NotNull()
public static PasswordPolicyStateOperation
createClearRecentLoginHistoryOperation()
{
return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_RECENT_LOGIN_HISTORY);
}
/**
* Retrieves the operation type for this password policy state operation.
*
* @return The operation type for this password policy state operation.
*/
public int getOperationType()
{
return opType;
}
/**
* Retrieves the set of raw values for this password policy state operation.
*
* @return The set of raw values for this password policy state operation.
*/
@NotNull()
public ASN1OctetString[] getRawValues()
{
return values;
}
/**
* Retrieves the string representation of the value for this password policy
* state operation. If there are multiple values, then the first will be
* returned.
*
* @return The string representation of the value for this password policy
* state operation, or {@code null} if there are no values.
*/
@Nullable()
public String getStringValue()
{
if (values.length == 0)
{
return null;
}
else
{
return values[0].stringValue();
}
}
/**
* Retrieves the string representations of the values for this password policy
* state operation.
*
* @return The string representations of the values for this password policy
* state operation.
*/
@NotNull()
public String[] getStringValues()
{
final String[] stringValues = new String[values.length];
for (int i=0; i < values.length; i++)
{
stringValues[i] = values[i].stringValue();
}
return stringValues;
}
/**
* Retrieves the boolean representation of the value for this password policy
* state operation.
*
* @return The boolean representation of the value for this password policy
* state operation.
*
* @throws IllegalStateException If this operation does not have exactly one
* value, or if the value cannot be decoded as
* a boolean value.
*/
public boolean getBooleanValue()
throws IllegalStateException
{
if (values.length != 1)
{
throw new IllegalStateException(
ERR_PWP_STATE_INVALID_BOOLEAN_VALUE_COUNT.get(values.length));
}
final String valueString = StaticUtils.toLowerCase(values[0].stringValue());
if (valueString.equals("true"))
{
return true;
}
else if (valueString.equals("false"))
{
return false;
}
else
{
throw new IllegalStateException(
ERR_PWP_STATE_VALUE_NOT_BOOLEAN.get(values[0].stringValue()));
}
}
/**
* Retrieves the integer representation of the value for this password policy
* state operation. If there are multiple values, then the first will be
* returned.
*
* @return The integer representation of the value for this password policy
* operation.
*
* @throws IllegalStateException If this operation does not have any values.
*
* @throws NumberFormatException If the value cannot be parsed as an
* integer.
*/
public int getIntValue()
throws IllegalStateException, NumberFormatException
{
if (values.length == 0)
{
throw new IllegalStateException(ERR_PWP_STATE_NO_VALUES.get());
}
return Integer.parseInt(values[0].stringValue());
}
/**
* Retrieves the {@code Date} object represented by the value for this
* password policy state operation treated as a timestamp in generalized time
* form. If there are multiple values, then the first will be returned.
*
* @return The {@code Date} object represented by the value for this password
* policy state operation treated as a timestamp in generalized time
* form, or {@code null} if this operation does not have any values.
*
* @throws ParseException If the value cannot be decoded as a timestamp in
* generalized time form.
*/
@Nullable()
public Date getGeneralizedTimeValue()
throws ParseException
{
if (values.length == 0)
{
return null;
}
return StaticUtils.decodeGeneralizedTime(values[0].stringValue());
}
/**
* Retrieves the {@code Date} objects represented by the values for this
* password policy state operation treated as timestamps in generalized time
* form.
*
* @return The {@code Date} objects represented by the values for this
* password policy state operation treated as timestamps in
* generalized time form.
*
* @throws ParseException If any of the values cannot be decoded as a
* timestamp in generalized time form.
*/
@NotNull()
public Date[] getGeneralizedTimeValues()
throws ParseException
{
final Date[] dateValues = new Date[values.length];
for (int i=0; i < values.length; i++)
{
dateValues[i] =
StaticUtils.decodeGeneralizedTime(values[i].stringValue());
}
return dateValues;
}
/**
* Creates an array of ASN.1 octet strings with the provided set of values.
*
* @param dates The dates from which to create the values. It may be
* {@code null} or empty if there should be no values.
*
* @return The array of ASN.1 octet strings.
*/
@NotNull()
private static ASN1OctetString[] createValues(@Nullable final Date... dates)
{
if ((dates == null) || (dates.length == 0))
{
return NO_VALUES;
}
final ArrayList valueList =
new ArrayList(dates.length);
for (final Date d : dates)
{
if (d != null)
{
valueList.add(new ASN1OctetString(
StaticUtils.encodeGeneralizedTime(d)));
}
}
return valueList.toArray(NO_VALUES);
}
/**
* Encodes this password policy state operation for use in the extended
* request or response.
*
* @return An ASN.1 element containing an encoded representation of this
* password policy state operation.
*/
@NotNull()
public ASN1Element encode()
{
final ASN1Element[] elements;
if (values.length > 0)
{
elements = new ASN1Element[]
{
new ASN1Enumerated(opType),
new ASN1Sequence(values)
};
}
else
{
elements = new ASN1Element[]
{
new ASN1Enumerated(opType),
};
}
return new ASN1Sequence(elements);
}
/**
* Decodes the provided ASN.1 element as a password policy state operation.
*
* @param element The ASN.1 element to be decoded.
*
* @return The decoded password policy state operation.
*
* @throws LDAPException If a problem occurs while attempting to decode the
* provided ASN.1 element as a password policy state
* operation.
*/
@NotNull()
public static PasswordPolicyStateOperation decode(
@NotNull final ASN1Element element)
throws LDAPException
{
final ASN1Element[] elements;
try
{
elements = ASN1Sequence.decodeAsSequence(element).elements();
}
catch (final Exception e)
{
Debug.debugException(e);
throw new LDAPException(ResultCode.DECODING_ERROR,
ERR_PWP_STATE_ELEMENT_NOT_SEQUENCE.get(e), e);
}
if ((elements.length < 1) || (elements.length > 2))
{
throw new LDAPException(ResultCode.DECODING_ERROR,
ERR_PWP_STATE_INVALID_ELEMENT_COUNT.get(
elements.length));
}
final int opType;
try
{
opType = ASN1Enumerated.decodeAsEnumerated(elements[0]).intValue();
}
catch (final Exception e)
{
Debug.debugException(e);
throw new LDAPException(ResultCode.DECODING_ERROR,
ERR_PWP_STATE_OP_TYPE_NOT_INTEGER.get(e), e);
}
final ASN1OctetString[] values;
if (elements.length == 2)
{
try
{
final ASN1Element[] valueElements =
ASN1Sequence.decodeAsSequence(elements[1]).elements();
values = new ASN1OctetString[valueElements.length];
for (int i=0; i < valueElements.length; i++)
{
values[i] = ASN1OctetString.decodeAsOctetString(valueElements[i]);
}
}
catch (final Exception e)
{
Debug.debugException(e);
throw new LDAPException(ResultCode.DECODING_ERROR,
ERR_PWP_STATE_CANNOT_DECODE_VALUES.get(e), e);
}
}
else
{
values = NO_VALUES;
}
return new PasswordPolicyStateOperation(opType, values);
}
/**
* Retrieves a string representation of this password policy state operation.
*
* @return A string representation of this password policy state operation.
*/
@Override()
@NotNull()
public String toString()
{
final StringBuilder buffer = new StringBuilder();
toString(buffer);
return buffer.toString();
}
/**
* Appends a string representation of this password policy state operation to
* the provided buffer.
*
* @param buffer The buffer to which the information should be appended.
*/
public void toString(@NotNull final StringBuilder buffer)
{
buffer.append("PasswordPolicyStateOperation(opType=");
buffer.append(opType);
if (values.length > 0)
{
buffer.append(", values={");
for (int i=0; i < values.length; i++)
{
if (i > 0)
{
buffer.append(", ");
}
buffer.append('\'');
buffer.append(values[i].stringValue());
buffer.append('\'');
}
buffer.append('}');
}
buffer.append(')');
}
}