com.unboundid.ldap.sdk.unboundidds.PasswordPolicyStateJSON Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of unboundid-ldapsdk Show documentation
Show all versions of unboundid-ldapsdk Show documentation
The UnboundID LDAP SDK for Java is a fast, comprehensive, and easy-to-use
Java API for communicating with LDAP directory servers and performing
related tasks like reading and writing LDIF, encoding and decoding data
using base64 and ASN.1 BER, and performing secure communication. This
package contains the Standard Edition of the LDAP SDK, which is a
complete, general-purpose library for communicating with LDAPv3 directory
servers.
/*
* Copyright 2020-2022 Ping Identity Corporation
* All Rights Reserved.
*/
/*
* Copyright 2020-2022 Ping Identity Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* Copyright (C) 2020-2022 Ping Identity Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License (GPLv2 only)
* or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see .
*/
package com.unboundid.ldap.sdk.unboundidds;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import com.unboundid.ldap.sdk.Entry;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPInterface;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.unboundidds.controls.RecentLoginHistory;
import com.unboundid.ldap.sdk.unboundidds.extensions.
PasswordPolicyStateAccountUsabilityError;
import com.unboundid.ldap.sdk.unboundidds.extensions.
PasswordPolicyStateAccountUsabilityNotice;
import com.unboundid.ldap.sdk.unboundidds.extensions.
PasswordPolicyStateAccountUsabilityWarning;
import com.unboundid.ldap.sdk.unboundidds.extensions.
PasswordPolicyStateExtendedRequest;
import com.unboundid.ldap.sdk.unboundidds.extensions.PasswordQualityRequirement;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.json.JSONObject;
import com.unboundid.util.json.JSONString;
import com.unboundid.util.json.JSONValue;
import static com.unboundid.ldap.sdk.unboundidds.PasswordPolicyStateJSONField.*;
import static com.unboundid.ldap.sdk.unboundidds.UnboundIDDSMessages.*;
/**
* This class provides support for reading and decoding the value of the
* {@code ds-pwp-state-json} virtual attribute, which holds information about a
* user's password policy state.
*
*
* NOTE: This class, and other classes within the
* {@code com.unboundid.ldap.sdk.unboundidds} package structure, are only
* supported for use against Ping Identity, UnboundID, and
* Nokia/Alcatel-Lucent 8661 server products. These classes provide support
* for proprietary functionality or for external specifications that are not
* considered stable or mature enough to be guaranteed to work in an
* interoperable way with other types of LDAP servers.
*
*
*
* @see ModifiablePasswordPolicyStateJSON
* @see PasswordPolicyStateExtendedRequest
* @see PasswordPolicyStateJSONField
*/
@NotMutable()
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public final class PasswordPolicyStateJSON
implements Serializable
{
/**
* The name of the operational attribute that holds a JSON representation of a
* user's password policy state.
*/
@NotNull public static final String PASSWORD_POLICY_STATE_JSON_ATTRIBUTE =
"ds-pwp-state-json";
/**
* The name of the field that will be used to indicate whether a password
* quality requirement applies to add operations.
*/
@NotNull private static final String REQUIREMENT_FIELD_APPLIES_TO_ADD =
"applies-to-add";
/**
* The name of the field that will be used to indicate whether a password
* quality requirement applies to administrative password resets.
*/
@NotNull private static final String
REQUIREMENT_FIELD_APPLIES_TO_ADMIN_RESET =
"applies-to-administrative-reset";
/**
* The name of the field that will be used to indicate whether a password
* quality requirement applies to bind operations.
*/
@NotNull private static final String REQUIREMENT_FIELD_APPLIES_TO_BIND =
"applies-to-bind";
/**
* The name of the field that will be used to indicate whether a password
* quality requirement applies to self password changes.
*/
@NotNull private static final String
REQUIREMENT_FIELD_APPLIES_TO_SELF_CHANGE = "applies-to-self-change";
/**
* The name of the field that will be used to hold the set of client-side
* validation properties.
*/
@NotNull private static final String
REQUIREMENT_FIELD_CLIENT_SIDE_VALIDATION_PROPERTIES =
"client-side-validation-properties";
/**
* The name of the field that will be used to hold the name of a client-side
* validation property.
*/
@NotNull private static final String
REQUIREMENT_FIELD_CLIENT_SIDE_VALIDATION_PROPERTY_NAME = "name";
/**
* The name of the field that will be used to hold the value of a client-side
* validation property.
*/
@NotNull private static final String
REQUIREMENT_FIELD_CLIENT_SIDE_VALIDATION_PROPERTY_VALUE = "value";
/**
* The name of the field that will be used to hold the name of the client-side
* validation type for a password quality requirement.
*/
@NotNull private static final String
REQUIREMENT_FIELD_CLIENT_SIDE_VALIDATION_TYPE =
"client-side-validation-type";
/**
* The name of the field that will be used to hold the description component
* of a password quality requirement.
*/
@NotNull private static final String REQUIREMENT_FIELD_DESCRIPTION =
"description";
/**
* The name of the field that will be used to hold the message component of an
* account usability error, warning, or notice.
*/
@NotNull private static final String USABILITY_FIELD_MESSAGE = "message";
/**
* The name of the field that will be used to hold the integer version of
* the identifier for of an account usability error, warning, or notice.
*/
@NotNull private static final String USABILITY_FIELD_TYPE_ID = "type-id";
/**
* The name of the field that will be used to hold the name of the identifier
* for of an account usability error, warning, or notice.
*/
@NotNull private static final String USABILITY_FIELD_TYPE_NAME = "type-name";
/**
* The serial version UID for this serializable class.
*/
private static final long serialVersionUID = -3953182526241789456L;
// The JSON object that contains the password policy state information.
@NotNull private final JSONObject passwordPolicyStateObject;
/**
* Creates a new instance of this object from the provided JSON object.
*
* @param passwordPolicyStateObject The JSON object containing the encoded
* password policy state.
*/
public PasswordPolicyStateJSON(
@NotNull final JSONObject passwordPolicyStateObject)
{
this.passwordPolicyStateObject = passwordPolicyStateObject;
}
/**
* Attempts to retrieve and decode the password policy state information for
* the specified user.
*
* @param connection The connection to use to communicate with the server.
* It must not be {@code null}, and it must be established
* and authenticated as an account with permission to
* access the target user's password policy state
* information.
* @param userDN The DN of the user for whom to retrieve the password
* policy state. It must not be {@code null}.
*
* @return The password policy state information for the specified user, or
* {@code null} because no password policy state information is
* available for the user.
*
* @throws LDAPException If a problem is encountered while trying to
* retrieve the user's entry or decode the password
* policy state JSON object.
*/
@Nullable()
public static PasswordPolicyStateJSON get(
@NotNull final LDAPInterface connection,
@NotNull final String userDN)
throws LDAPException
{
final SearchResultEntry userEntry = connection.getEntry(userDN,
PASSWORD_POLICY_STATE_JSON_ATTRIBUTE);
if (userEntry == null)
{
throw new LDAPException(ResultCode.NO_SUCH_OBJECT,
ERR_PW_POLICY_STATE_JSON_GET_NO_SUCH_USER.get(userDN));
}
return get(userEntry);
}
/**
* Attempts to retrieve and decode the password policy state information from
* the provided user entry.
*
* @param userEntry The entry for the user for whom to obtain the password
* policy state information. It must not be {@code null}.
*
* @return The password policy state information from the provided user
* entry, or {@code null} if no password policy state information is
* available for the user.
*
* @throws LDAPException If a problem is encountered while trying to decode
* the password policy state JSON object.
*/
@Nullable()
public static PasswordPolicyStateJSON get(@NotNull final Entry userEntry)
throws LDAPException
{
final String valueString =
userEntry.getAttributeValue(PASSWORD_POLICY_STATE_JSON_ATTRIBUTE);
if (valueString == null)
{
return null;
}
final JSONObject jsonObject;
try
{
jsonObject = new JSONObject(valueString);
}
catch (final Exception e)
{
Debug.debugException(e);
throw new LDAPException(ResultCode.DECODING_ERROR,
ERR_PW_POLICY_STATE_JSON_GET_CANNOT_DECODE.get(
PASSWORD_POLICY_STATE_JSON_ATTRIBUTE, userEntry.getDN()),
e);
}
return new PasswordPolicyStateJSON(jsonObject);
}
/**
* Retrieves the JSON object that contains the encoded password policy state
* information.
*
* @return The JSON object that contains the encoded password policy state
* information.
*/
@NotNull()
public JSONObject getPasswordPolicyStateJSONObject()
{
return passwordPolicyStateObject;
}
/**
* Retrieves the DN of the entry that defines the password policy that governs
* the associated user.
*
* @return The DN of the entry that defines hte password policy that governs
* the associated user, or {@code null} if this was not included in
* the password policy state JSON object.
*/
@Nullable()
public String getPasswordPolicyDN()
{
return passwordPolicyStateObject.getFieldAsString(
PASSWORD_POLICY_DN.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the user's account is
* in a state that the server considers usable.
*
* @return {@code Boolean.TRUE} if the account is in a usable state,
* {@code Boolean.FALSE} if the account is not in a usable state, or
* {@code null} if this flag was not included in the password policy
* state JSON object.
*/
@Nullable()
public Boolean getAccountIsUsable()
{
return passwordPolicyStateObject.getFieldAsBoolean(
ACCOUNT_IS_USABLE.getFieldName());
}
/**
* Retrieves a list of information about any error conditions that may
* affect usability of the user's account.
*
* @return A list of information about any error conditions that may affect
* the usability of the user's account. The returned list may be
* empty if there are no account usability errors or if this was not
* included in the password policy state JSON object.
*/
@NotNull()
public List
getAccountUsabilityErrors()
{
final List errors =
new ArrayList<>();
final List values = passwordPolicyStateObject.getFieldAsArray(
ACCOUNT_USABILITY_ERRORS.getFieldName());
if (values != null)
{
for (final JSONValue v : values)
{
if (v instanceof JSONObject)
{
final JSONObject o = (JSONObject) v;
final String typeName = o.getFieldAsString(USABILITY_FIELD_TYPE_NAME);
final Integer typeID = o.getFieldAsInteger(USABILITY_FIELD_TYPE_ID);
final String message = o.getFieldAsString(USABILITY_FIELD_MESSAGE);
if ((typeName != null) && (typeID != null))
{
errors.add(new PasswordPolicyStateAccountUsabilityError(typeID,
typeName, message));
}
}
}
}
return Collections.unmodifiableList(errors);
}
/**
* Retrieves a list of information about any warning conditions that may soon
* affect usability of the user's account.
*
* @return A list of information about any warning conditions that may soon
* affect the usability of the user's account. The returned list may
* be empty if there are no account usability warnings or if this was
* not included in the password policy state JSON object.
*/
@NotNull()
public List
getAccountUsabilityWarnings()
{
final List warnings =
new ArrayList<>();
final List values = passwordPolicyStateObject.getFieldAsArray(
ACCOUNT_USABILITY_WARNINGS.getFieldName());
if (values != null)
{
for (final JSONValue v : values)
{
if (v instanceof JSONObject)
{
final JSONObject o = (JSONObject) v;
final String typeName = o.getFieldAsString(USABILITY_FIELD_TYPE_NAME);
final Integer typeID = o.getFieldAsInteger(USABILITY_FIELD_TYPE_ID);
final String message = o.getFieldAsString(USABILITY_FIELD_MESSAGE);
if ((typeName != null) && (typeID != null))
{
warnings.add(new PasswordPolicyStateAccountUsabilityWarning(typeID,
typeName, message));
}
}
}
}
return Collections.unmodifiableList(warnings);
}
/**
* Retrieves a list of information about any notices related to the usability
* of the user's account.
*
* @return A list of information about any notices related to the usability
* of the user's account. The returned list may be empty if there
* are no account usability notices or if this was not included in
* the password policy state JSON object.
*/
@NotNull()
public List
getAccountUsabilityNotices()
{
final List notices =
new ArrayList<>();
final List values = passwordPolicyStateObject.getFieldAsArray(
ACCOUNT_USABILITY_NOTICES.getFieldName());
if (values != null)
{
for (final JSONValue v : values)
{
if (v instanceof JSONObject)
{
final JSONObject o = (JSONObject) v;
final String typeName = o.getFieldAsString(USABILITY_FIELD_TYPE_NAME);
final Integer typeID = o.getFieldAsInteger(USABILITY_FIELD_TYPE_ID);
final String message = o.getFieldAsString(USABILITY_FIELD_MESSAGE);
if ((typeName != null) && (typeID != null))
{
notices.add(new PasswordPolicyStateAccountUsabilityNotice(typeID,
typeName, message));
}
}
}
}
return Collections.unmodifiableList(notices);
}
/**
* Retrieves the value of a flag that indicates whether the user's account
* contains at least one static password.
*
* @return {@code Boolean.TRUE} if the account has at least one static
* password, {@code Boolean.FALSE} if the account does not have any
* static password, or {@code null} if this flag was not included in
* the password policy state JSON object.
*/
@Nullable()
public Boolean getHasStaticPassword()
{
return passwordPolicyStateObject.getFieldAsBoolean(
HAS_STATIC_PASSWORD.getFieldName());
}
/**
* Retrieves the time that the user's password was last changed.
*
* @return The time that the user's password was last changed, or
* {@code null} if this was not included in the password policy state
* JSON object.
*/
@Nullable()
public Date getPasswordChangedTime()
{
return getDate(PASSWORD_CHANGED_TIME);
}
/**
* Retrieves the length of time in seconds that has passed since the user's
* password was last changed.
*
* @return The length of time in seconds that has passed since the user's
* password was last changed, or {@code null} if this was not
* included in the password policy state JSON object.
*/
@Nullable()
public Integer getSecondsSincePasswordChange()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_SINCE_PASSWORD_CHANGE.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the user's account has
* been administratively disabled.
*
* @return {@code Boolean.TRUE} if the account has been administratively
* disabled, {@code Boolean.FALSE} if the account has not been
* administratively disabled, or {@code null} if this flag was not
* included in the password policy state JSON object.
*/
@Nullable()
public Boolean getAccountIsDisabled()
{
return passwordPolicyStateObject.getFieldAsBoolean(
ACCOUNT_IS_DISABLED.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the user's account is
* not yet active because it has an activation time that is in the future.
*
* @return {@code Boolean.TRUE} if the account is not yet active,
* {@code Boolean.FALSE} if the account either does not have an
* activation time or if that time has already passed, or
* {@code null} if this flag was not included in the password policy
* state JSON object.
*/
@Nullable()
public Boolean getAccountIsNotYetActive()
{
return passwordPolicyStateObject.getFieldAsBoolean(
ACCOUNT_IS_NOT_YET_ACTIVE.getFieldName());
}
/**
* Retrieves the time that the user's account became (or will become) active.
*
* @return The time that the user's account became (or will become) active,
* or {@code null} if this was not included in the password policy
* state JSON object.
*/
@Nullable()
public Date getAccountActivationTime()
{
return getDate(ACCOUNT_ACTIVATION_TIME);
}
/**
* Retrieves the length of time in seconds until the user's account will
* become active.
*
* @return The length of time in seconds until the user's account will become
* active, or {@code null} if this was not included in the password
* policy state JSON object (e.g., because the user does not have an
* activation time in the future).
*/
@Nullable()
public Integer getSecondsUntilAccountActivation()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_UNTIL_ACCOUNT_ACTIVATION.getFieldName());
}
/**
* Retrieves the length of time in seconds since the user's account became
* active.
*
* @return The length of time in seconds since the user's account became
* active, or {@code null} if this was not included in the password
* policy state JSON object (e.g., because the user does not have an
* activation time in the past).
*/
@Nullable()
public Integer getSecondsSinceAccountActivation()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_SINCE_ACCOUNT_ACTIVATION.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the user's account is
* expired.
*
* @return {@code Boolean.TRUE} if the account is expired,
* {@code Boolean.FALSE} if the account is not expired, or
* {@code null} if this flag was not included in the password policy
* state JSON object.
*/
@Nullable()
public Boolean getAccountIsExpired()
{
return passwordPolicyStateObject.getFieldAsBoolean(
ACCOUNT_IS_EXPIRED.getFieldName());
}
/**
* Retrieves the time that the user's account will (or did) expire.
*
* @return The time that the user's account will (or did) expire, or
* {@code null} if this was not included in the password policy state
* JSON object.
*/
@Nullable()
public Date getAccountExpirationTime()
{
return getDate(ACCOUNT_EXPIRATION_TIME);
}
/**
* Retrieves the length of time in seconds until the user's account will
* expire.
*
* @return The length of time in seconds until the user's account will
* expire, or {@code null} if this was not included in the password
* policy state JSON object (e.g., because the user does not have an
* expiration time in the future).
*/
@Nullable()
public Integer getSecondsUntilAccountExpiration()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_UNTIL_ACCOUNT_EXPIRATION.getFieldName());
}
/**
* Retrieves the length of time in seconds since the user's account expired.
*
* @return The length of time in seconds since the user's account expired,
* or {@code null} if this was not included in the password policy
* state JSON object (e.g., because the user does not have an
* expiration time in the past).
*/
@Nullable()
public Integer getSecondsSinceAccountExpiration()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_SINCE_ACCOUNT_EXPIRATION.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the user's password is
* expired.
*
* @return {@code Boolean.TRUE} if the password is expired,
* {@code Boolean.FALSE} if the password is not expired, or
* {@code null} if this flag was not included in the password policy
* state JSON object.
*/
@Nullable()
public Boolean getPasswordIsExpired()
{
return passwordPolicyStateObject.getFieldAsBoolean(
PASSWORD_IS_EXPIRED.getFieldName());
}
/**
* Retrieves the maximum length of time in seconds after a password change
* that the user is allowed to keep using that password.
*
* @return The maximum length of time in seconds after a password change that
* the user is allowed to keep using that password, or {@code null}
* if this flag was not included in the password policy state JSON
* object (e.g., because password expiration is not configured in the
* password policy that governs the user).
*/
@Nullable()
public Integer getMaximumPasswordAgeSeconds()
{
return passwordPolicyStateObject.getFieldAsInteger(
MAXIMUM_PASSWORD_AGE_SECONDS.getFieldName());
}
/**
* Retrieves the time that the user's password will (or did) expire.
*
* @return The time that the user's password will (or did) expire, or
* {@code null} if this was not included in the password policy state
* JSON object (e.g., because password expiration is not configured
* in the password policy that governs the user).
*/
@Nullable()
public Date getPasswordExpirationTime()
{
return getDate(PASSWORD_EXPIRATION_TIME);
}
/**
* Retrieves the length of time in seconds until the user's password will
* expire.
*
* @return The length of time in seconds until the user's password will
* expire, or {@code null} if this was not included in the password
* policy state JSON object (e.g., because password expiration is not
* configured in the password policy that governs the user, or
* because the user's password is already expired).
*/
@Nullable()
public Integer getSecondsUntilPasswordExpiration()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_UNTIL_PASSWORD_EXPIRATION.getFieldName());
}
/**
* Retrieves the length of time in seconds since the user's password expired.
*
* @return The length of time in seconds since the user's password expired,
* or {@code null} if this was not included in the password policy
* state JSON object (e.g., because password expiration is not
* configured in the password policy that governs the user, or
* because the user's password is not expired).
*/
@Nullable()
public Integer getSecondsSincePasswordExpiration()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_SINCE_PASSWORD_EXPIRATION.getFieldName());
}
/**
* Retrieves the length of time in seconds before an upcoming password
* expiration that the user will be eligible to start receving warnings about
* that expiration.
*
* @return The length of time in seconds before an upcoming password
* expiration that the user will be eligible to start receiving
* messages about that expiration, or {@code null} if this was not
* included in the password policy state JSON object (e.g., because
* password expiration is not configured in the password policy that
* governs the user).
*/
@Nullable()
public Integer getPasswordExpirationWarningIntervalSeconds()
{
return passwordPolicyStateObject.getFieldAsInteger(
PASSWORD_EXPIRATION_WARNING_INTERVAL_SECONDS.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the server will allow
* a user's password to expire even if they have not yet received any warnings
* about an upcoming expiration.
*
* @return {@code Boolean.TRUE} if the server will allow a user's password to
* expire even if they have not been warned about an upcoming
* expiration, {@code Boolean.FALSE} if the server will ensure that
* the user receives at least one warning before expiring the
* password, or {@code null} if this flag was not included in the
* password policy state JSON object (e.g., because password
* expiration is not configured in the password policy that governs
* the user).
*/
@Nullable()
public Boolean getExpirePasswordsWithoutWarning()
{
return passwordPolicyStateObject.getFieldAsBoolean(
EXPIRE_PASSWORDS_WITHOUT_WARNING.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the user has
* received at least one warning about an upcoming password expiration.
*
* @return {@code Boolean.TRUE} if the user has received at least one warning
* about an upcoming password expiration, {@code Boolean.FALSE} if
* the user has not been warned about an upcoming password
* expiration, or {@code null} if this flag was not included in the
* password policy state JSON object (e.g., because password
* expiration is not configured in the password policy that governs
* the user).
*/
@Nullable()
public Boolean getPasswordExpirationWarningIssued()
{
return passwordPolicyStateObject.getFieldAsBoolean(
PASSWORD_EXPIRATION_WARNING_ISSUED.getFieldName());
}
/**
* Retrieves the time that the user will be eligible to receive (or the time
* that the user first received) a warning about an upcoming password
* expiration.
*
* @return The time that the user will be eligible to receive (or the time
* that the user first received) a warning about an upcoming password
* expiration, or {@code null} if this was not included in the
* password policy state JSON object (e.g., because password
* expiration is not configured in the password policy that governs
* the user).
*/
@Nullable()
public Date getPasswordExpirationWarningTime()
{
return getDate(PASSWORD_EXPIRATION_WARNING_TIME);
}
/**
* Retrieves the length of time in seconds until the user will be eligible to
* receive a warning about an upcoming password expiration.
*
* @return The length of time in seconds until the user will be eligible to
* receive a warning about an upcoming password expiration, or
* {@code null} if this was not included in the password policy state
* JSON object (e.g., because password expiration is not configured
* in the password policy that governs the user, or because the user
* has already been warned about an upcoming expiration).
*/
@Nullable()
public Integer getSecondsUntilPasswordExpirationWarning()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_UNTIL_PASSWORD_EXPIRATION_WARNING.getFieldName());
}
/**
* Retrieves the length of time in seconds since the user received the first
* warning about an upcoming password expiration.
*
* @return The length of time in seconds since the user received the first
* warning about an upcoming password expiration, or {@code null} if
* this was not included in the password policy state JSON object
* (e.g., because password expiration is not configured in the
* password policy that governs the user, or because the user has
* not yet been warned about an upcoming expiration).
*/
@Nullable()
public Integer getSecondsSincePasswordExpirationWarning()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_SINCE_PASSWORD_EXPIRATION_WARNING.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the user account is
* currently locked as a result of too many failed authentication attempts.
*
* @return {@code Boolean.TRUE} if the user account is locked as a result of
* too many failed authentication attempts, {@code Boolean.FALSE} if
* the user account is not locked because of too many failed
* authentication attempts, or {@code null} if this flag was not
* included in the password policy state JSON object.
*/
@Nullable()
public Boolean getAccountIsFailureLocked()
{
return passwordPolicyStateObject.getFieldAsBoolean(
ACCOUNT_IS_FAILURE_LOCKED.getFieldName());
}
/**
* Retrieves the number of consecutive failed authentication attempts that are
* required to lock the user's account.
*
* @return The number of consecutive failed authentication attempts that are
* required to lock the user's account, or {@code null} if this was
* not included in the password policy state JSON object (e.g.,
* because account lockout is not configured in the password policy
* that governs the user).
*/
@Nullable()
public Integer getFailureLockoutCount()
{
return passwordPolicyStateObject.getFieldAsInteger(
FAILURE_LOCKOUT_COUNT.getFieldName());
}
/**
* Retrieves the current number of failed authentication attempts for the
* user account.
*
* @return The current number of failed authentication attempts for the user
* account, or {@code null} if this was not included in the password
* policy state JSON object (e.g., because account lockout is not
* configured in the password policy that governs the user).
*/
@Nullable()
public Integer getCurrentAuthenticationFailureCount()
{
return passwordPolicyStateObject.getFieldAsInteger(
CURRENT_AUTHENTICATION_FAILURE_COUNT.getFieldName());
}
/**
* Retrieves the remaining number of failed authentication attempts required
* to lock the user account.
*
* @return The remaining number of failed authentication attempts required to
* lock the user account, or {@code null} if this was not included in
* the password policy state JSON object (e.g., because account
* lockout is not configured in the password policy that governs the
* user).
*/
@Nullable()
public Integer getRemainingAuthenticationFailureCount()
{
return passwordPolicyStateObject.getFieldAsInteger(
REMAINING_AUTHENTICATION_FAILURE_COUNT.getFieldName());
}
/**
* Retrieves a list of the outstanding authentication failure times for the
* user account.
*
* @return A list of the outstanding authentication failure times for the
* user account, or an empty list if there are no outstanding
* authentication failures or if this was not included in the
* password policy state JSON object (e.g., because account lockout
* is not configured in the password policy that governs the user).
*/
@NotNull()
public List getAuthenticationFailureTimes()
{
final List authFailureTimes = new ArrayList<>();
final List values = passwordPolicyStateObject.getFieldAsArray(
AUTHENTICATION_FAILURE_TIMES.getFieldName());
if (values != null)
{
for (final JSONValue v : values)
{
try
{
final String valueString = ((JSONString) v).stringValue();
authFailureTimes.add(StaticUtils.decodeRFC3339Time(valueString));
}
catch (final Exception e)
{
Debug.debugException(e);
}
}
}
return Collections.unmodifiableList(authFailureTimes);
}
/**
* Retrieves the time that the user's account was locked as a result of too
* many failed authentication attempts.
*
* @return The time that the user's account was locked as a result of too
* many failed authentication attempts, or {@code null} if this was
* not included in the password policy state JSON object (e.g.,
* because the user's account is not failure locked).
*/
@Nullable()
public Date getFailureLockoutTime()
{
return getDate(FAILURE_LOCKOUT_TIME);
}
/**
* Retrieves the length of time in seconds that a user's account will be
* locked after too many failed authentication attempts.
*
* @return The length of time in seconds that a user's account will be
* locked after too many failed authentication attempts, or
* {@code null} if this was not included in the password policy state
* JSON object (e.g., because account lockout is not configured in
* the password policy that governs the user, or because account
* lockout is not temporary).
*/
@Nullable()
public Integer getFailureLockoutDurationSeconds()
{
return passwordPolicyStateObject.getFieldAsInteger(
FAILURE_LOCKOUT_DURATION_SECONDS.getFieldName());
}
/**
* Retrieves the time that the user's failure-locked account will be
* automatically unlocked.
*
* @return The time that the user's failure-locked account will be
* automatically unlocked, or {@code null} if this was not included
* in the password policy state JSON object (e.g., because the user's
* account is not failure locked, or because the lockout is not
* temporary).
*/
@Nullable()
public Date getFailureLockoutExpirationTime()
{
return getDate(FAILURE_LOCKOUT_EXPIRATION_TIME);
}
/**
* Retrieves the length of time in seconds remaining until the user's
* failure-locked account will be automatically unlocked.
*
* @return The length of time in seconds remaining until the user's
* failure-locked account will be automatically unlocked, or
* {@code null} if this was not included in the password policy state
* JSON object (e.g., because the user's account is not failure
* locked, or because the lockout is not temporary).
*/
@Nullable()
public Integer getSecondsRemainingInFailureLockout()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_REMAINING_IN_FAILURE_LOCKOUT.getFieldName());
}
/**
* Retrieves the time that the user last successfully authenticated to the
* server.
*
* @return The time that the user last successfully authenticated to the
* server, or {@code null} if this was not included in the password
* policy state JSON object (e.g., because last login time tracking
* is not configured in the password policy that governs the user).
*/
@Nullable()
public Date getLastLoginTime()
{
return getDate(LAST_LOGIN_TIME);
}
/**
* Retrieves the length of time in seconds since the user last successfully
* authenticated to the server.
*
* @return The length of time in seconds since the user last successfully
* authenticated to the server, or {@code null} if this was not
* included in the password policy state JSON object (e.g., because
* last login time tracking is not configured in the password policy
* that governs the user).
*/
@Nullable()
public Integer getSecondsSinceLastLogin()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_SINCE_LAST_LOGIN.getFieldName());
}
/**
* Retrieves the IP address of the client from which the user last
* successfully authenticated.
*
* @return The IP address of the client from which the user last successfully
* authenticated, or {@code null} if this was not included in the
* password policy state JSON object (e.g., because last login IP
* address tracking is not configured in the password policy that
* governs the user).
*/
@Nullable()
public String getLastLoginIPAddress()
{
return passwordPolicyStateObject.getFieldAsString(
LAST_LOGIN_IP_ADDRESS.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the user's account is
* currently locked because it has been too long since they last authenticated
* to the server.
*
* @return {@code Boolean.TRUE} if the user's account is currently
* idle-locked, {@code Boolean.FALSE} if the user's account is not
* currently idle-locked, or {@code null} if this flag was not
* included in the password policy state JSON object.
*/
@Nullable()
public Boolean getAccountIsIdleLocked()
{
return passwordPolicyStateObject.getFieldAsBoolean(
ACCOUNT_IS_IDLE_LOCKED.getFieldName());
}
/**
* Retrieves the maximum length of time in seconds that can elapse between
* successful authentications before the user's account is locked.
*
* @return The maximum length of time in seconds that can elapse between
* successful authentications before the user's account is locked, or
* {@code null} if this was not included in the password policy state
* JSON object (e.g., because idle lockout is not configured in the
* password policy that governs the user).
*/
@Nullable()
public Integer getIdleLockoutIntervalSeconds()
{
return passwordPolicyStateObject.getFieldAsInteger(
IDLE_LOCKOUT_INTERVAL_SECONDS.getFieldName());
}
/**
* Retrieves the time that the user's account will be (or was) locked for
* allowing too much time to elapse between successful authentications.
*
* @return The time that the user's account will be (or was) locked for
* allowing too much time to elapse between successful
* authentications, or {@code null} if this was not included in the
* password policy state JSON object (e.g., because idle lockout is
* not configured in the password policy that governs the user).
*/
@Nullable()
public Date getIdleLockoutTime()
{
return getDate(IDLE_LOCKOUT_TIME);
}
/**
* Retrieves the length of time in seconds until the user's account will be
* locked for allowing too much time to elapse between successful
* authentications.
*
* @return The length of time in seconds until the user's account will be
* locked for allowing too much time to elapse between successful
* authentication, or {@code null} if this was not included in the
* password policy state JSON object (e.g., because idle lockout is
* not configured in the password policy that governs the user, or
* because the user's account is already idle-locked).
*/
@Nullable()
public Integer getSecondsUntilIdleLockout()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_UNTIL_IDLE_LOCKOUT.getFieldName());
}
/**
* Retrieves the length of time in seconds since the user's account was
* locked for allowing too much time to elapse between successful
* authentications.
*
* @return The length of time in seconds since the user's account was locked
* for allowing too much time to elapse between successful
* authentication, or {@code null} if this was not included in the
* password policy state JSON object (e.g., because idle lockout is
* not configured in the password policy that governs the user, or
* because the user's account is not idle-locked).
*/
@Nullable()
public Integer getSecondsSinceIdleLockout()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_SINCE_IDLE_LOCKOUT.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the user must change
* their password before they will be allowed to perform any other operations
* in the server.
*
* @return {@code Boolean.TRUE} if the user must change their password before
* they will be allowed to perform any other operations in the
* server, {@code Boolean.FALSE} if the user is not required to
* change their password, or {@code null} if this flag was not
* included in the password policy state JSON object.
*/
@Nullable()
public Boolean getMustChangePassword()
{
return passwordPolicyStateObject.getFieldAsBoolean(
MUST_CHANGE_PASSWORD.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the user's account is
* locked because they failed to choose a new password in a timely manner
* after an administrative reset.
*
* @return {@code Boolean.TRUE} if the user's account is currently
* reset-locked, {@code Boolean.FALSE} if the user's account is not
* reset-locked, or {@code null} if this flag was not included in the
* password policy state JSON object.
*/
@Nullable()
public Boolean getAccountIsResetLocked()
{
return passwordPolicyStateObject.getFieldAsBoolean(
ACCOUNT_IS_RESET_LOCKED.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the password policy
* that governs the user is configured to require users to choose a new
* password the first time they authenticate after their account is created.
*
* @return {@code Boolean.TRUE} if users are required to choose a new
* password the first time they authenticate after their account is
* created, {@code Boolean.FALSE} if users are not required to choose
* a new password after their account is created, or {@code null} if
* this flag was not included in the password policy state JSON
* object.
*/
@Nullable()
public Boolean getForceChangeOnAdd()
{
return passwordPolicyStateObject.getFieldAsBoolean(
FORCE_CHANGE_ON_ADD.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the password policy
* that governs the user is configured to require users to choose a new
* password the first time they authenticate after their password has been
* reset by an administrator.
*
* @return {@code Boolean.TRUE} if users are required to choose a new
* password the first time they authenticate after their password is
* reset, {@code Boolean.FALSE} if users are not required to choose
* a new password after their password is reset, or {@code null} if
* this flag was not included in the password policy state JSON
* object.
*/
@Nullable()
public Boolean getForceChangeOnReset()
{
return passwordPolicyStateObject.getFieldAsBoolean(
FORCE_CHANGE_ON_RESET.getFieldName());
}
/**
* Retrieves the maximum length of time in seconds that a user has to change
* their password after an administrative reset before their account will be
* locked.
*
* @return The maximum length of time in seconds that a user has to change
* their password after an administrative reset before their account
* will be locked, or {@code null} if this was not included in the
* password policy state JSON object (e.g., because reset lockout is
* not configured in the password policy that governs the user).
*/
@Nullable()
public Integer getMaximumPasswordResetAgeSeconds()
{
return passwordPolicyStateObject.getFieldAsInteger(
MAXIMUM_PASSWORD_RESET_AGE_SECONDS.getFieldName());
}
/**
* Retrieves the time that the user's account will be (or was) locked after
* failing to choose a new password in a timely manner after an administrative
* reset.
*
* @return The time that the user's account will be (or wa) locked after
* failing to choose a new password in a timely manner after an
* administrative reset, or {@code null} if this was not included in
* the password policy state JSON object (e.g., because reset lockout
* is not configured in the password policy that governs the user,
* or because the user's password has not been reset).
*/
@Nullable()
public Date getResetLockoutTime()
{
return getDate(RESET_LOCKOUT_TIME);
}
/**
* Retrieves the length of time in seconds until the user's account will be
* locked for failing to choose a new password after an administrative
* reset.
*
* @return The length of time in seconds until the user's account will be
* locked for failing to choose a new password after an
* administrative reset, or {@code null} if this was not included in
* the password policy state JSON object (e.g., because reset lockout
* is not configured in the password policy that governs the user,
* because the user's password has not been reset, or because the
* user's account is already reset-locked).
*/
@Nullable()
public Integer getSecondsUntilResetLockout()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_UNTIL_RESET_LOCKOUT.getFieldName());
}
/**
* Retrieves the maximum number of passwords that the server will maintain in
* the user's password history.
*
* @return The maximum number of passwords that the server will maintain in
* the user's password history, or {@code null} if this was not
* included in the password policy state JSON object (e.g., because
* the password policy that governs the user is not configured to
* maintain a password history, or because it maintains a password
* history based on a duration rather than a count).
*/
@Nullable()
public Integer getMaximumPasswordHistoryCount()
{
return passwordPolicyStateObject.getFieldAsInteger(
MAXIMUM_PASSWORD_HISTORY_COUNT.getFieldName());
}
/**
* Retrieves the maximum length of time in seconds that the server will
* maintain passwords in the user's password history.
*
* @return The maximum length of time in seconds that the server will
* maintain passwords in the user's password history, or
* {@code null} if this was not included in the password policy
* state JSON object (e.g., because the password policy that governs
* the user is not configured to maintain a password history, or
* because it maintains a password history based on a count rather
* than a duration).
*/
@Nullable()
public Integer getMaximumPasswordHistoryDurationSeconds()
{
return passwordPolicyStateObject.getFieldAsInteger(
MAXIMUM_PASSWORD_HISTORY_DURATION_SECONDS.getFieldName());
}
/**
* Retrieves the number of passwords currently held in the user's password
* history.
*
* @return The number of passwords currently held in the user's password
* history, or {@code null} if this was not incldued in the password
* policy state JSON object (e.g., because the password policy that
* governs the user is not configured to maintain a password
* history).
*/
@Nullable()
public Integer getCurrentPasswordHistoryCount()
{
return passwordPolicyStateObject.getFieldAsInteger(
CURRENT_PASSWORD_HISTORY_COUNT.getFieldName());
}
/**
* Indicates whether the user is currently prohibited from changing their
* password because not enough time has elapsed since they last changed their
* password.
*
* @return {@code Boolean.TRUE} if the user is currently prohibited from
* changing their password because not enough time has elapsed since
* they last changed their password, {@code Boolean.FALSE} if the
* user is not prohibited from changing their password because of the
* minimum password age, or {@code null} if this flag was not
* included in the password policy state JSON object.
*/
@Nullable()
public Boolean getIsWithinMinimumPasswordAge()
{
return passwordPolicyStateObject.getFieldAsBoolean(
IS_WITHIN_MINIMUM_PASSWORD_AGE.getFieldName());
}
/**
* Retrieves the minimum length of time in seconds that must elapse after a
* user changes their password before they will be permitted to change it
* again.
*
* @return The minimum length of time in seconds that must elapse after a
* user changes their password before they will be permitted to
* change it again, or {@code null} if this was not included in the
* password policy state JSON object (e.g., because no minimum
* password age is configured in the password policy that governs the
* user).
*/
@Nullable()
public Integer getMinimumPasswordAgeSeconds()
{
return passwordPolicyStateObject.getFieldAsInteger(
MINIMUM_PASSWORD_AGE_SECONDS.getFieldName());
}
/**
* Retrieves the earliest time that the user will be permitted to change their
* password as a result of the minimum password age.
*
* @return The earliest time that the user will be permitted to change their
* password as a result of the minimum password age, or {@code null}
* if this was not included in the password policy state JSON
* object (e.g., because no minimum password age is configured in the
* password policy that governs the user, or because it has been
* longer than the minimum age since they last changed their
* password).
*/
@Nullable()
public Date getMinimumPasswordAgeExpirationTime()
{
return getDate(MINIMUM_PASSWORD_AGE_EXPIRATION_TIME);
}
/**
* Retrieves the length of time in seconds remaining until the user will be
* permitted to change their password as a result of the minimum password age.
*
* @return The length of time in seconds remaining until the user will be
* permitted to change their password as a result of the minimum
* password age, or {@code null} if this was not included in the
* password policy state JSON object (e.g., because no minimum
* password age is configured in the password policy that governs the
* user, or because it has been longer than the minimum age since
* they last changed their password).
*/
@Nullable()
public Integer getSecondsRemainingInMinimumPasswordAge()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_REMAINING_IN_MINIMUM_PASSWORD_AGE.getFieldName());
}
/**
* Retrieves the maximum number of grace login attempts that the user will
* have to allow them to change an expired password.
*
* @return The maximum number of grace login attempts that the user will have
* to allow them to change an expired password, or {@code null} if
* this was not included in the password policy state JSON object
* (e.g., if grace logins are not configured in the password policy
* that governs the user).
*/
@Nullable()
public Integer getMaximumGraceLoginCount()
{
return passwordPolicyStateObject.getFieldAsInteger(
MAXIMUM_GRACE_LOGIN_COUNT.getFieldName());
}
/**
* Retrieves the number of grace logins that the user has currently used.
*
* @return The number of grace login attempts that the user has currently
* used, or {@code null} if this was not included in the password
* policy state JSON object (e.g., if grace logins are not configured
* in the password policy that governs the user).
*/
@Nullable()
public Integer getUsedGraceLoginCount()
{
return passwordPolicyStateObject.getFieldAsInteger(
USED_GRACE_LOGIN_COUNT.getFieldName());
}
/**
* Retrieves the remaining number of grace logins for the user.
*
* @return The remaining number of grace logins for the user, or {@code null}
* if this was not included in the password policy state JSON object
* (e.g., if grace logins are not configured in the password policy
* that governs the user).
*/
@Nullable()
public Integer getRemainingGraceLoginCount()
{
return passwordPolicyStateObject.getFieldAsInteger(
REMAINING_GRACE_LOGIN_COUNT.getFieldName());
}
/**
* Retrieves a list of the times that the user has used a grace login to
* authenticate.
*
* @return A list of the times that the user has used a grace login to
* authenticate, or an empty list if the user has not used any grace
* logins, or if this was not included in the password policy state
* JSON object (e.g., if grace logins are not configured in the
* password policy that governs the user).
*/
@NotNull()
public List getGraceLoginUseTimes()
{
final List graceLoginTimes = new ArrayList<>();
final List values = passwordPolicyStateObject.getFieldAsArray(
GRACE_LOGIN_USE_TIMES.getFieldName());
if (values != null)
{
for (final JSONValue v : values)
{
try
{
final String valueString = ((JSONString) v).stringValue();
graceLoginTimes.add(StaticUtils.decodeRFC3339Time(valueString));
}
catch (final Exception e)
{
Debug.debugException(e);
}
}
}
return Collections.unmodifiableList(graceLoginTimes);
}
/**
* Retrieves the value of a flag that indicates whether the user account has a
* retired former password that may still be used to authenticate.
*
* @return {@code Boolean.TRUE} if the user account currently has a valid
* retired password, {@code Boolean.FALSE} if the user account does
* not have a valid retired password, or {@code null} if this flag
* was not included in the password policy state JSON object.
*/
@Nullable()
public Boolean getHasRetiredPassword()
{
return passwordPolicyStateObject.getFieldAsBoolean(
HAS_RETIRED_PASSWORD.getFieldName());
}
/**
* Retrieves the time that the user's retired password will expire and can no
* longer be used to authenticate.
*
* @return The time that the user's retired password will expire, or
* {@code null} if this was not included in the password policy state
* JSON object (e.g., because the user does not have a retired
* password).
*/
@Nullable()
public Date getRetiredPasswordExpirationTime()
{
return getDate(RETIRED_PASSWORD_EXPIRATION_TIME);
}
/**
* Retrieves the length of time in seconds remaining until the user's retired
* password expires and can no longer be used to authenticate.
*
* @return The length of time in seconds remaining until the user's retired
* password expires, or {@code null} if this was not included in the
* password policy state JSON object (e.g., because the user does not
* have a retired password).
*/
@Nullable()
public Integer getSecondsUntilRetiredPasswordExpiration()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_UNTIL_RETIRED_PASSWORD_EXPIRATION.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the user will be
* required to authenticate in a secure manner that does not reveal their
* credentials to an observer.
*
* @return {@code Boolean.TRUE} if the user will be required to authenticate
* in a secure manner, {@code Boolean.FALSE} if the user will not be
* required to authenticate in a secure manner, or {@code null} if
* this flag was not included in the password policy state JSON
* object.
*/
@Nullable()
public Boolean getRequireSecureAuthentication()
{
return passwordPolicyStateObject.getFieldAsBoolean(
REQUIRE_SECURE_AUTHENTICATION.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the user will be
* required to change their password in a secure manner that does not reveal
* their credentials to an observer.
*
* @return {@code Boolean.TRUE} if the user will be required to change their
* password in a secure manner, {@code Boolean.FALSE} if the user
* will not be required to change their password in a secure manner,
* or {@code null} if this flag was not included in the password
* policy state JSON object.
*/
@Nullable()
public Boolean getRequireSecurePasswordChanges()
{
return passwordPolicyStateObject.getFieldAsBoolean(
REQUIRE_SECURE_PASSWORD_CHANGES.getFieldName());
}
/**
* Retrieves a list of the names of the SASL mechanisms that the user can use
* to authenticate.
*
* @return A list of the names of the SASL mechanisms that the user can use
* to authenticate, or an empty list if no SASL mechanisms are
* available to the user or if this was not included in the password
* policy state JSON object.
*/
@NotNull()
public List getAvailableSASLMechanisms()
{
final List saslMechanismNames = new ArrayList<>();
final List values = passwordPolicyStateObject.getFieldAsArray(
AVAILABLE_SASL_MECHANISMS.getFieldName());
if (values != null)
{
for (final JSONValue v : values)
{
try
{
saslMechanismNames.add(((JSONString) v).stringValue());
}
catch (final Exception e)
{
Debug.debugException(e);
}
}
}
return Collections.unmodifiableList(saslMechanismNames);
}
/**
* Retrieves a list of the names of the OTP delivery mechanisms that the user
* can use to receive one-time passwords, password reset tokens, and
* single-use tokens.
*
* @return A list of the names of the OTP delivery mechanisms that the user
* can use, or an empty list if no OTP delivery mechanisms are
* available to the user or if this was not included in the password
* policy state JSON object.
*/
@NotNull()
public List getAvailableOTPDeliveryMechanisms()
{
final List deliveryMechanismNames = new ArrayList<>();
final List values = passwordPolicyStateObject.getFieldAsArray(
AVAILABLE_OTP_DELIVERY_MECHANISMS.getFieldName());
if (values != null)
{
for (final JSONValue v : values)
{
try
{
deliveryMechanismNames.add(((JSONString) v).stringValue());
}
catch (final Exception e)
{
Debug.debugException(e);
}
}
}
return Collections.unmodifiableList(deliveryMechanismNames);
}
/**
* Retrieves the value of a flag that indicates whether the user account has
* at least one TOTP shared secret that can be used to authenticate with
* time-based one-time passwords via the UNBOUNDID-TOTP SASL mechanism.
*
* @return {@code Boolean.TRUE} if the user account has at least one TOTP
* shared secret, {@code Boolean.FALSE} if the user account does not
* have any TOTP shared secrets, or {@code null} if this flag was not
* included in the password policy state JSON object.
*/
@Nullable()
public Boolean getHasTOTPSharedSecret()
{
return passwordPolicyStateObject.getFieldAsBoolean(
HAS_TOTP_SHARED_SECRET.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the user account has
* at least one registered YubiKey OTP device that can be used to authenticate
* via the UNBOUNDID-YUBIKEY-OTP SASL mechanism.
*
* @return {@code Boolean.TRUE} if the user account has at least one
* registered YubiKey OTP device, {@code Boolean.FALSE} if the user
* account does not have any registered YubiKey OTP devices, or
* {@code null} if this flag was not included in the password policy
* state JSON object.
*/
@Nullable()
public Boolean getHasRegisteredYubiKeyOTPDevice()
{
return passwordPolicyStateObject.getFieldAsBoolean(
HAS_REGISTERED_YUBIKEY_OTP_DEVICE.getFieldName());
}
/**
* Retrieves the value of a flag that indicates whether the user account is
* currently locked because it contains a password that does not satisfy all
* of the configured password validators.
*
* @return {@code Boolean.TRUE} if the user account is locked because it
* contains a password that does not satisfy all of the configured
* password validators, {@code Boolean.FALSE} if the account is not
* validation-locked, or {@code null} if this flag was not included
* in the password policy state JSON object.
*/
@Nullable()
public Boolean getAccountIsValidationLocked()
{
return passwordPolicyStateObject.getFieldAsBoolean(
ACCOUNT_IS_VALIDATION_LOCKED.getFieldName());
}
/**
* Retrieves the time that the server last invoked password validators during
* a bind operation for the user.
*
* @return The time that the server last invoked password validators during a
* bind operation for the user, or {@code null} if this was not
* included in the password policy state JSON object.
*/
@Nullable()
public Date getLastBindPasswordValidationTime()
{
return getDate(LAST_BIND_PASSWORD_VALIDATION_TIME);
}
/**
* Retrieves the length of time in seconds that has passed since the server
* last invoked password validators during a bind operation for the user.
*
* @return The length of time in seconds that has passed since the server
* last invoked password validators during a bind operation for the
* user, or {@code null} if this was not included in the password
* policy state JSON object.
*/
@Nullable()
public Integer getSecondsSinceLastBindPasswordValidation()
{
return passwordPolicyStateObject.getFieldAsInteger(
SECONDS_SINCE_LAST_BIND_PASSWORD_VALIDATION.getFieldName());
}
/**
* Retrieves the minimum length of time in seconds that should pass between
* invocations of password validators during a bind operation for the user.
*
* @return The minimum length of time in seconds that should pass between
* invocations of password validators during a bind operation for
* each user, or {@code null} if this was not included in the
* password policy state JSON object.
*/
@Nullable()
public Integer getMinimumBindPasswordValidationFrequencySeconds()
{
return passwordPolicyStateObject.getFieldAsInteger(
MINIMUM_BIND_PASSWORD_VALIDATION_FREQUENCY_SECONDS.getFieldName());
}
/**
* Retrieves the name of the action that the server should take if the
* password provided during a bind operation fails to satisfy one or more
* password validators.
*
* @return The name of the action that the server should take if the password
* provided during a bind operation fails to satisfy one or more
* password validators, or {@code null} if this was not included in
* the password policy state JSON object.
*/
@Nullable()
public String getBindPasswordValidationFailureAction()
{
return passwordPolicyStateObject.getFieldAsString(
BIND_PASSWORD_VALIDATION_FAILURE_ACTION.getFieldName());
}
/**
* Retrieves the recent login history for the user.
*
* @return The recent login history for the user, or {@code null} if this was
* not included in the password policy state JSON object.
*
* @throws LDAPException If a problem occurs while trying to parse the
* recent login history for the user.
*/
@Nullable()
public RecentLoginHistory getRecentLoginHistory()
throws LDAPException
{
final JSONObject o = passwordPolicyStateObject.getFieldAsObject(
RECENT_LOGIN_HISTORY.getFieldName());
if (o == null)
{
return null;
}
else
{
return new RecentLoginHistory(o);
}
}
/**
* Retrieves the maximum number of recent successful login attempts the server
* should maintain for a user.
*
* @return The maximum number of recent successful login attempts the server
* should maintain for a user, or {@code null}if this was not
* included in the password policy state JSON object.
*/
@Nullable()
public Integer getMaximumRecentLoginHistorySuccessfulAuthenticationCount()
{
return passwordPolicyStateObject.getFieldAsInteger(
MAXIMUM_RECENT_LOGIN_HISTORY_SUCCESSFUL_AUTHENTICATION_COUNT.
getFieldName());
}
/**
* Retrieves the maximum age in seconds of recent successful login attempts
* the server should maintain for a user.
*
* @return The maximum age in seconds of recent successful login attempts the
* server should maintain for a user, or {@code null}if this was not
* included in the password policy state JSON object.
*/
@Nullable()
public Integer
getMaximumRecentLoginHistorySuccessfulAuthenticationDurationSeconds()
{
return passwordPolicyStateObject.getFieldAsInteger(
MAXIMUM_RECENT_LOGIN_HISTORY_SUCCESSFUL_AUTHENTICATION_DURATION_SECONDS
.getFieldName());
}
/**
* Retrieves the maximum number of recent failed login attempts the server
* should maintain for a user.
*
* @return The maximum number of recent failed login attempts the server
* should maintain for a user, or {@code null}if this was not
* included in the password policy state JSON object.
*/
@Nullable()
public Integer getMaximumRecentLoginHistoryFailedAuthenticationCount()
{
return passwordPolicyStateObject.getFieldAsInteger(
MAXIMUM_RECENT_LOGIN_HISTORY_FAILED_AUTHENTICATION_COUNT.
getFieldName());
}
/**
* Retrieves the maximum age in seconds of recent failed login attempts
* the server should maintain for a user.
*
* @return The maximum age in seconds of recent failed login attempts the
* server should maintain for a user, or {@code null}if this was not
* included in the password policy state JSON object.
*/
@Nullable()
public Integer
getMaximumRecentLoginHistoryFailedAuthenticationDurationSeconds()
{
return passwordPolicyStateObject.getFieldAsInteger(
MAXIMUM_RECENT_LOGIN_HISTORY_FAILED_AUTHENTICATION_DURATION_SECONDS.
getFieldName());
}
/**
* Retrieves the list of quality requirements that must be satisfied for
* passwords included in new entries that are added using the same password
* policy as the associated entry.
*
* @return The list of password quality requirements that will be enforced
* for adds using the same password policy as the associated entry,
* or an empty list if no requirements will be imposed.
*/
@NotNull()
public List getAddPasswordQualityRequirements()
{
return getPasswordQualityRequirements(REQUIREMENT_FIELD_APPLIES_TO_ADD);
}
/**
* Retrieves the list of quality requirements that must be satisfied when the
* associated user attempts to change their own password.
*
* @return The list of password quality requirements that will be enforced
* for self password changes, or an empty list if no requirements
* will be imposed.
*/
@NotNull()
public List
getSelfChangePasswordQualityRequirements()
{
return getPasswordQualityRequirements(
REQUIREMENT_FIELD_APPLIES_TO_SELF_CHANGE);
}
/**
* Retrieves the list of quality requirements that must be satisfied when an
* administrator attempts to change the user's password.
*
* @return The list of password quality requirements that will be enforced
* for administrative password resets, or an empty list if no
* requirements will be imposed.
*/
@NotNull()
public List
getAdministrativeResetPasswordQualityRequirements()
{
return getPasswordQualityRequirements(
REQUIREMENT_FIELD_APPLIES_TO_ADMIN_RESET);
}
/**
* Retrieves the list of quality requirements that must be satisfied when the
* associated user authenticates in a manner that makes the clear-text
* password available to the server.
*
* @return The list of password quality requirements that will be enforced
* for binds, or an empty list if no requirements will be imposed.
*/
@NotNull()
public List getBindPasswordQualityRequirements()
{
return getPasswordQualityRequirements(REQUIREMENT_FIELD_APPLIES_TO_BIND);
}
/**
* Retrieves a list of the password quality requirements that are contained in
* the JSON object in which the indicated Boolean field is present and set to
* {@code true}.
*
* @param booleanFieldName The name of the field that is expected to be
* present with a Boolean value of true for each
* requirement to be included in the list that is
* returned.
*
* @return The appropriate list of password quality requirements, or an empty
* list if no requirements will be imposed.
*/
@NotNull()
private List getPasswordQualityRequirements(
@NotNull final String booleanFieldName)
{
final List requirementObjectLst =
passwordPolicyStateObject.getFieldAsArray(
PASSWORD_QUALITY_REQUIREMENTS.getFieldName());
if ((requirementObjectLst == null) || requirementObjectLst.isEmpty())
{
return Collections.emptyList();
}
final List requirements =
new ArrayList<>(requirementObjectLst.size());
for (final JSONValue requirementObjectValue : requirementObjectLst)
{
if (! (requirementObjectValue instanceof JSONObject))
{
continue;
}
final JSONObject requirementObject = (JSONObject) requirementObjectValue;
final Boolean include = requirementObject.getFieldAsBoolean(
booleanFieldName);
if ((include == null) || (! include.booleanValue()))
{
continue;
}
final String description =
requirementObject.getFieldAsString(REQUIREMENT_FIELD_DESCRIPTION);
if (description == null)
{
continue;
}
final String clientSideValidationType =
requirementObject.getFieldAsString(
REQUIREMENT_FIELD_CLIENT_SIDE_VALIDATION_TYPE);
final Map clientSideValidationProperties =
new LinkedHashMap<>();
final List propertyValues = requirementObject.getFieldAsArray(
REQUIREMENT_FIELD_CLIENT_SIDE_VALIDATION_PROPERTIES);
if (propertyValues != null)
{
for (final JSONValue propertyValue : propertyValues)
{
if (! (propertyValue instanceof JSONObject))
{
continue;
}
final JSONObject propertyObject = (JSONObject) propertyValue;
final String name = propertyObject.getFieldAsString(
REQUIREMENT_FIELD_CLIENT_SIDE_VALIDATION_PROPERTY_NAME);
final String value = propertyObject.getFieldAsString(
REQUIREMENT_FIELD_CLIENT_SIDE_VALIDATION_PROPERTY_VALUE);
if ((name != null) && (value != null))
{
clientSideValidationProperties.put(name, value);
}
}
}
requirements.add(new PasswordQualityRequirement(description,
clientSideValidationType, clientSideValidationProperties));
}
return requirements;
}
/**
* Retrieves the value of the specified field as a {@code Date}.
*
* @param field The field whose value is to be retrieved and parsed as a
* {@code Date}.
*
* @return The value of the specified field as a {@code Date}, or
* {@code null} if the field is not contained in the JSON object or
* if its value cannot be parsed as a {@code Date}.
*/
@Nullable()
private Date getDate(@NotNull final PasswordPolicyStateJSONField field)
{
final String stringValue =
passwordPolicyStateObject.getFieldAsString(field.getFieldName());
if (stringValue == null)
{
return null;
}
try
{
return StaticUtils.decodeRFC3339Time(stringValue);
}
catch (final Exception e)
{
Debug.debugException(e);
return null;
}
}
/**
* Retrieves a string representation of the password policy state information.
*
* @return A string representation of the password policy state information.
*/
@Override()
@NotNull()
public String toString()
{
return passwordPolicyStateObject.toSingleLineString();
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy