001/*
002 * Copyright 2008-2024 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright 2008-2024 Ping Identity Corporation
007 *
008 * Licensed under the Apache License, Version 2.0 (the "License");
009 * you may not use this file except in compliance with the License.
010 * You may obtain a copy of the License at
011 *
012 *    http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing, software
015 * distributed under the License is distributed on an "AS IS" BASIS,
016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017 * See the License for the specific language governing permissions and
018 * limitations under the License.
019 */
020/*
021 * Copyright (C) 2008-2024 Ping Identity Corporation
022 *
023 * This program is free software; you can redistribute it and/or modify
024 * it under the terms of the GNU General Public License (GPLv2 only)
025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
026 * as published by the Free Software Foundation.
027 *
028 * This program is distributed in the hope that it will be useful,
029 * but WITHOUT ANY WARRANTY; without even the implied warranty of
030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
031 * GNU General Public License for more details.
032 *
033 * You should have received a copy of the GNU General Public License
034 * along with this program; if not, see <http://www.gnu.org/licenses>.
035 */
036package com.unboundid.ldap.sdk.unboundidds.extensions;
037
038
039
040import java.io.Serializable;
041import java.text.ParseException;
042import java.util.ArrayList;
043import java.util.Date;
044
045import com.unboundid.asn1.ASN1Element;
046import com.unboundid.asn1.ASN1Enumerated;
047import com.unboundid.asn1.ASN1OctetString;
048import com.unboundid.asn1.ASN1Sequence;
049import com.unboundid.ldap.sdk.LDAPException;
050import com.unboundid.ldap.sdk.ResultCode;
051import com.unboundid.util.Debug;
052import com.unboundid.util.NotMutable;
053import com.unboundid.util.NotNull;
054import com.unboundid.util.Nullable;
055import com.unboundid.util.StaticUtils;
056import com.unboundid.util.ThreadSafety;
057import com.unboundid.util.ThreadSafetyLevel;
058
059import static com.unboundid.ldap.sdk.unboundidds.extensions.ExtOpMessages.*;
060
061
062
063/**
064 * This class defines an operation that may be used in conjunction with the
065 * password policy state extended operation.  A password policy state operation
066 * can be used to get or set various properties of the password policy state for
067 * a user.
068 * <BR>
069 * <BLOCKQUOTE>
070 *   <B>NOTE:</B>  This class, and other classes within the
071 *   {@code com.unboundid.ldap.sdk.unboundidds} package structure, are only
072 *   supported for use against Ping Identity, UnboundID, and
073 *   Nokia/Alcatel-Lucent 8661 server products.  These classes provide support
074 *   for proprietary functionality or for external specifications that are not
075 *   considered stable or mature enough to be guaranteed to work in an
076 *   interoperable way with other types of LDAP servers.
077 * </BLOCKQUOTE>
078 * <BR>
079 * Operations that are available for use with the password policy state
080 * operation include:
081 * <UL>
082 *   <LI>Get the DN of the password policy configuration entry for the target
083 *       user.</LI>
084 *   <LI>Determine whether an account is usable (may authenticate or be used as
085 *       an alternate authorization identity.</LI>
086 *   <LI>Retrieve the set of account usability notice, warning, and error
087 *       messages for a user.</LI>
088 *   <LI>Get, set, and clear the account disabled flag for the target user.</LI>
089 *   <LI>Get, set, and clear the account activation time for the target
090 *       user.</LI>
091 *   <LI>Get, set, and clear the account expiration time for the target
092 *       user.</LI>
093 *   <LI>Get the length of time in seconds until the target user account
094 *       expires.</LI>
095 *   <LI>Get the time that the target user's password was last changed.</LI>
096 *   <LI>Get and clear the time that the first password expiration warning was
097 *       sent to the user.</LI>
098 *   <LI>Get the length of time in seconds until the target user's password
099 *       expires and the password expiration time for the account.</LI>
100 *   <LI>Get the length of time in seconds until the user should receive the
101 *       first warning about an upcoming password expiration.</LI>
102 *   <LI>Determine whether the user's password is expired.</LI>
103 *   <LI>Determine whether the account is locked because of failed
104 *       authentication attempts, an idle lockout, or a password reset
105 *       lockout.</LI>
106 *   <LI>Get, update, set, and clear the list of times that the target user has
107 *       unsuccessfully tried to authenticate since the last successful
108 *       authentication.</LI>
109 *   <LI>Get the number of remaining failed authentication attempts for the
110 *       target user before the account is locked.</LI>
111 *   <LI>Get the length of time in seconds until the target user's account is
112 *       automatically unlocked after it was locked due to failed authentication
113 *       attempts.</LI>
114 *   <LI>Get, set, and clear the time that the user last authenticated to the
115 *       server.</LI>
116 *   <LI>Get, set, and clear the IP address of the client from which the user
117 *       last authenticated to the server.</LI>
118 *   <LI>Get the length of time in seconds until the user account may be locked
119 *       after remaining idle.</LI>
120 *   <LI>Get, set, and clear the flag that controls whether the target user must
121 *       change his/her password before being allowed to perform any other
122 *       operations.</LI>
123 *   <LI>Get the length of time in seconds until the user's account is locked
124 *       after failing to change the password after an administrative
125 *       reset.</LI>
126 *   <LI>Get, update, set, and clear the times that the target user has
127 *       authenticated using a grace login after the password had expired.</LI>
128 *   <LI>Retrieve the number of remaining grace logins for the user.</LI>
129 *   <LI>Get, set, and clear the required password change time for the target
130 *       user.</LI>
131 *   <LI>Retrieve the length of time in seconds until the target user's account
132 *       will be locked as a result of failing to comply with a password change
133 *       by required time.</LI>
134 *   <LI>Get the password history count for the target user.</LI>
135 *   <LI>Clear the password history for the target user.</LI>
136 *   <LI>Get information about or purge a user's retired password.</LI>
137 *   <LI>Get information about which SASL mechanisms are available for a
138 *       user.</LI>
139 *   <LI>Get information about which OTP delivery mechanisms are available for a
140 *       user.</LI>
141 *   <LI>Determine whether a user has any TOTP shared secrets and manipulate the
142 *       registered secrets.</LI>
143 *   <LI>Get, set, and clear the public IDs of any YubiKey OTP devices
144 *       registered for a user.</LI>
145 *   <LI>Determine whether the user has a static password.</LI>
146 *   <LI>Get, set, and clear the time that the server last performed validation
147 *       on a password provided in a bind request.</LI>
148 *   <LI>Get and set whether the user's account is locked because it contains a
149 *       password that does not satisfy all of the configured password
150 *       validators.</LI>
151 *   <LI>Get and clear a user's recent login history.</LI>
152 * </UL>
153 * Note that many of these methods are dependent upon the password policy
154 * configuration for the target user and therefore some of them may not be
155 * applicable for some users.  For example, if password expiration is not
156 * enabled in the password policy associated with the target user, then
157 * operations that involve password expiration will have no effect and/or will
158 * have a return value that indicates that password expiration is not in effect.
159 */
160@NotMutable()
161@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
162public final class PasswordPolicyStateOperation
163       implements Serializable
164{
165  /**
166   * The operation type that may be used to retrieve the DN of the password
167   * policy to which the user is subject.
168   */
169  public static final int OP_TYPE_GET_PW_POLICY_DN = 0;
170
171
172
173  /**
174   * The operation type that may be used to determine whether the user account
175   * is disabled.
176   */
177  public static final int OP_TYPE_GET_ACCOUNT_DISABLED_STATE = 1;
178
179
180
181  /**
182   * The operation type that may be used to specify whether the user account is
183   * disabled.
184   */
185  public static final int OP_TYPE_SET_ACCOUNT_DISABLED_STATE = 2;
186
187
188
189  /**
190   * The operation type that may be used to clear the account disabled flag in
191   * the user's entry.
192   */
193  public static final int OP_TYPE_CLEAR_ACCOUNT_DISABLED_STATE = 3;
194
195
196
197  /**
198   * The operation type that may be used to get the time that the user's account
199   * will expire.
200   */
201  public static final int OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME = 4;
202
203
204
205  /**
206   * The operation type that may be used to set the time that the user's account
207   * will expire.
208   */
209  public static final int OP_TYPE_SET_ACCOUNT_EXPIRATION_TIME = 5;
210
211
212
213  /**
214   * The operation type that may be used to clear the user's account expiration
215   * time.
216   */
217  public static final int OP_TYPE_CLEAR_ACCOUNT_EXPIRATION_TIME = 6;
218
219
220
221  /**
222   * The operation type that may be used to retrieve the length of time in
223   * seconds until the user's account expires.
224   */
225  public static final int OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION = 7;
226
227
228
229  /**
230   * The operation type that may be used to get the time that the user's
231   * password was last changed.
232   */
233  public static final int OP_TYPE_GET_PW_CHANGED_TIME = 8;
234
235
236
237  /**
238   * The operation type that may be used to set the time that the user's
239   * password was last changed.
240   */
241  public static final int OP_TYPE_SET_PW_CHANGED_TIME = 9;
242
243
244
245  /**
246   * The operation type that may be used to clear the password changed time in
247   * the user's account.
248   */
249  public static final int OP_TYPE_CLEAR_PW_CHANGED_TIME = 10;
250
251
252
253  /**
254   * The operation type that may be used to get the time that the user was
255   * first sent a password expiration warning.
256   */
257  public static final int OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME = 11;
258
259
260
261  /**
262   * The operation type that may be used to set the time that the user was
263   * first sent a password expiration warning.
264   */
265  public static final int OP_TYPE_SET_PW_EXPIRATION_WARNED_TIME = 12;
266
267
268
269  /**
270   * The operation type that may be used to clear the password expiration warned
271   * time from the user's entry.
272   */
273  public static final int OP_TYPE_CLEAR_PW_EXPIRATION_WARNED_TIME = 13;
274
275
276
277  /**
278   * The operation type that may be used to get the length of time in seconds
279   * until the user's password expires.
280   */
281  public static final int OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION = 14;
282
283
284
285  /**
286   * The operation type that may be used to get the length of time in seconds
287   * until the user will be eligible to receive a password expiration warning.
288   */
289  public static final int OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION_WARNING = 15;
290
291
292
293  /**
294   * The operation type that may be used to get the set of times that the user
295   * has unsuccessfully tried to authenticate since the last successful attempt.
296   */
297  public static final int OP_TYPE_GET_AUTH_FAILURE_TIMES = 16;
298
299
300
301  /**
302   * The operation type that may be used to add a new authentication failure
303   * time to the user's account.
304   */
305  public static final int OP_TYPE_ADD_AUTH_FAILURE_TIME = 17;
306
307
308
309  /**
310   * The operation type that may be used to set the set of times that the user
311   * has unsuccessfully tried to authenticate since the last successful attempt.
312   */
313  public static final int OP_TYPE_SET_AUTH_FAILURE_TIMES = 18;
314
315
316
317  /**
318   * The operation type that may be used to clear the authentication failure
319   * times in the user account.
320   */
321  public static final int OP_TYPE_CLEAR_AUTH_FAILURE_TIMES = 19;
322
323
324
325  /**
326   * The operation type that may be used to retrieve the length of time in
327   * seconds until the user's account is unlocked.
328   */
329  public static final int OP_TYPE_GET_SECONDS_UNTIL_AUTH_FAILURE_UNLOCK = 20;
330
331
332
333  /**
334   * The operation type that may be used to retrieve the number of failed
335   * authentication attempts that the user has before the account is locked.
336   */
337  public static final int OP_TYPE_GET_REMAINING_AUTH_FAILURE_COUNT = 21;
338
339
340
341  /**
342   * The operation type that may be used to retrieve the time that the user last
343   * authenticated to the server.
344   */
345  public static final int OP_TYPE_GET_LAST_LOGIN_TIME = 22;
346
347
348
349  /**
350   * The operation type that may be used to set the time that the user last
351   * authenticated to the server.
352   */
353  public static final int OP_TYPE_SET_LAST_LOGIN_TIME = 23;
354
355
356
357  /**
358   * The operation type that may be used to clear the last login time in the
359   * user's entry.
360   */
361  public static final int OP_TYPE_CLEAR_LAST_LOGIN_TIME = 24;
362
363
364
365  /**
366   * The operation type that may be used to get the length of time in seconds
367   * until the user account is locked due to inactivity.
368   */
369  public static final int OP_TYPE_GET_SECONDS_UNTIL_IDLE_LOCKOUT = 25;
370
371
372
373  /**
374   * The operation type that may be used to determine whether a user's password
375   * has been reset by an administrator and must be changed.
376   */
377  public static final int OP_TYPE_GET_PW_RESET_STATE = 26;
378
379
380
381  /**
382   * The operation type that may be used to set the flag to indicate whether a
383   * user's password has been reset by an administrator and must be changed.
384   */
385  public static final int OP_TYPE_SET_PW_RESET_STATE = 27;
386
387
388
389  /**
390   * The operation type that may be used to clear the password reset flag in the
391   * user's entry.
392   */
393  public static final int OP_TYPE_CLEAR_PW_RESET_STATE = 28;
394
395
396
397  /**
398   * The operation type that may be used to get the length of time in seconds
399   * until the user's account is locked due to failure to change the password
400   * after an administrative reset.
401   */
402  public static final int OP_TYPE_GET_SECONDS_UNTIL_PW_RESET_LOCKOUT = 29;
403
404
405
406  /**
407   * The operation type that may be used to retrieve the times that the user has
408   * authenticated using a grace login after his/her password has expired.
409   */
410  public static final int OP_TYPE_GET_GRACE_LOGIN_USE_TIMES = 30;
411
412
413
414  /**
415   * The operation type that may be used add a value to the set of times that
416   * the user has authenticated using a grace login after his/her password has
417   * expired.
418   */
419  public static final int OP_TYPE_ADD_GRACE_LOGIN_USE_TIME = 31;
420
421
422
423  /**
424   * The operation type that may be used to set the times that the user has
425   * authenticated using a grace login after his/her password has expired.
426   */
427  public static final int OP_TYPE_SET_GRACE_LOGIN_USE_TIMES = 32;
428
429
430
431  /**
432   * The operation type that may be used to clear the set of times that the user
433   * has authenticated using a grace login after his/her password has expired.
434   */
435  public static final int OP_TYPE_CLEAR_GRACE_LOGIN_USE_TIMES = 33;
436
437
438
439  /**
440   * The operation type that may be used to retrieve the number of grace logins
441   * available for the user.
442   */
443  public static final int OP_TYPE_GET_REMAINING_GRACE_LOGIN_COUNT = 34;
444
445
446
447  /**
448   * The operation type that may be used to retrieve the last time that the
449   * user's password was changed during a required change period.
450   */
451  public static final int OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME = 35;
452
453
454
455  /**
456   * The operation type that may be used to set the last time that the
457   * user's password was changed during a required change period.
458   */
459  public static final int OP_TYPE_SET_PW_CHANGED_BY_REQUIRED_TIME = 36;
460
461
462
463  /**
464   * The operation type that may be used to clear the last time that the
465   * user's password was changed during a required change period.
466   */
467  public static final int OP_TYPE_CLEAR_PW_CHANGED_BY_REQUIRED_TIME = 37;
468
469
470
471  /**
472   * The operation type that may be used to get the length of time in seconds
473   * until the user's account will be locked due to a failure to change the
474   * password by a required time.
475   */
476  public static final int OP_TYPE_GET_SECONDS_UNTIL_REQUIRED_CHANGE_TIME = 38;
477
478
479
480  /**
481   * The operation type that may be used to retrieve the stored password history
482   * values for a user.
483   *
484   * @deprecated  This operation type has been deprecated in favor of the
485   *              {@link #OP_TYPE_GET_PW_HISTORY_COUNT} operation type.
486   */
487  @Deprecated()
488  public static final int OP_TYPE_GET_PW_HISTORY = 39;
489
490
491
492  /**
493   * The operation type that may be used to clear the stored password history
494   * values for a user.
495   */
496  public static final int OP_TYPE_CLEAR_PW_HISTORY = 40;
497
498
499
500  /**
501   * The operation type that may be used to determine whether a user has a valid
502   * retired password.
503   */
504  public static final int OP_TYPE_HAS_RETIRED_PASSWORD = 41;
505
506
507
508  /**
509   * The operation type that may be used to retrieve the time that the user's
510   * former password was retired.
511   */
512  public static final int OP_TYPE_GET_PASSWORD_RETIRED_TIME = 42;
513
514
515
516  /**
517   * The operation type that may be used to retrieve the time that the user's
518   * retired password will expire.
519   */
520  public static final int OP_TYPE_GET_RETIRED_PASSWORD_EXPIRATION_TIME = 43;
521
522
523
524  /**
525   * The operation type that may be used to purge any retired password from the
526   * user's entry.
527   */
528  public static final int OP_TYPE_PURGE_RETIRED_PASSWORD = 44;
529
530
531
532  /**
533   * The operation type that may be used to get the time that the user's account
534   * will become active.
535   */
536  public static final int OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME = 45;
537
538
539
540  /**
541   * The operation type that may be used to set the time that the user's account
542   * will become active.
543   */
544  public static final int OP_TYPE_SET_ACCOUNT_ACTIVATION_TIME = 46;
545
546
547
548  /**
549   * The operation type that may be used to clear the user's account activation
550   * time.
551   */
552  public static final int OP_TYPE_CLEAR_ACCOUNT_ACTIVATION_TIME = 47;
553
554
555
556  /**
557   * The operation type that may be used to retrieve the length of time in
558   * seconds until the user's account will become active.
559   */
560  public static final int OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_ACTIVATION = 48;
561
562
563
564  /**
565   * The operation type that may be used to retrieve the IP address from which
566   * the user last authenticated to the server.
567   */
568  public static final int OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS = 49;
569
570
571
572  /**
573   * The operation type that may be used to set the IP address from which the
574   * user last authenticated to the server.
575   */
576  public static final int OP_TYPE_SET_LAST_LOGIN_IP_ADDRESS = 50;
577
578
579
580  /**
581   * The operation type that may be used to clear the last login IP address in
582   * the user's entry.
583   */
584  public static final int OP_TYPE_CLEAR_LAST_LOGIN_IP_ADDRESS = 51;
585
586
587
588  /**
589   * The operation type that may be used to retrieve a list of structured
590   * strings that provide information about notices pertaining to account
591   * usability.
592   */
593  public static final int OP_TYPE_GET_ACCOUNT_USABILITY_NOTICES = 52;
594
595
596
597  /**
598   * The operation type that may be used to retrieve a list of structured
599   * strings that provide information about warnings that may affect the account
600   * usability.
601   */
602  public static final int OP_TYPE_GET_ACCOUNT_USABILITY_WARNINGS = 53;
603
604
605
606  /**
607   * The operation type that may be used to retrieve a list of structured
608   * strings that provide information about errors that may affect the account
609   * usability.
610   */
611  public static final int OP_TYPE_GET_ACCOUNT_USABILITY_ERRORS = 54;
612
613
614
615  /**
616   * The operation type that may be used to determine whether an account is
617   * usable (i.e., the account may authenticate or be used as an alternate
618   * authorization identity).
619   */
620  public static final int OP_TYPE_GET_ACCOUNT_IS_USABLE = 55;
621
622
623
624  /**
625   * The operation type that may be used to determine whether an account is
626   * not yet active (because the account activation time is in the future).
627   */
628  public static final int OP_TYPE_GET_ACCOUNT_IS_NOT_YET_ACTIVE = 56;
629
630
631
632  /**
633   * The operation type that may be used to determine whether an account is
634   * expired (because the account expiration time is in the past).
635   */
636  public static final int OP_TYPE_GET_ACCOUNT_IS_EXPIRED = 57;
637
638
639
640  /**
641   * The operation type that may be used to determine when a user's password
642   * will expire.
643   */
644  public static final int OP_TYPE_GET_PW_EXPIRATION_TIME = 58;
645
646
647
648  /**
649   * The operation type that may be used to determine whether a user's account
650   * is locked because of too many authentication failures.
651   */
652  public static final int OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED = 59;
653
654
655
656  /**
657   * The operation type that may be used to specify whether a user's account
658   * is locked because of too many authentication failures.
659   */
660  public static final int OP_TYPE_SET_ACCOUNT_IS_FAILURE_LOCKED = 60;
661
662
663
664  /**
665   * The operation type that may be used to determine the failure lockout time
666   * for a user account.
667   */
668  public static final int OP_TYPE_GET_FAILURE_LOCKOUT_TIME = 61;
669
670
671
672  /**
673   * The operation type that may be used to determine whether a user's account
674   * is locked because it has been idle for too long.
675   */
676  public static final int OP_TYPE_GET_ACCOUNT_IS_IDLE_LOCKED = 62;
677
678
679
680  /**
681   * The operation type that may be used to determine the idle lockout time for
682   * a user account.
683   */
684  public static final int OP_TYPE_GET_IDLE_LOCKOUT_TIME = 63;
685
686
687
688  /**
689   * The operation type that may be used to determine whether a user's account
690   * is locked because the user did not change their password in a timely manner
691   * after an administrative reset.
692   */
693  public static final int OP_TYPE_GET_ACCOUNT_IS_RESET_LOCKED = 64;
694
695
696
697  /**
698   * The operation type that may be used to determine the reset lockout time for
699   * a user account.
700   */
701  public static final int OP_TYPE_GET_RESET_LOCKOUT_TIME = 65;
702
703
704
705  /**
706   * The operation type that may be used to retrieve the password history count
707   * for a user.
708   */
709  public static final int OP_TYPE_GET_PW_HISTORY_COUNT = 66;
710
711
712
713  /**
714   * The operation type that may be used to determine whether a user's password
715   * is expired.
716   */
717  public static final int OP_TYPE_GET_PW_IS_EXPIRED = 67;
718
719
720
721  /**
722   * The operation type that may be used to retrieve a list of the SASL
723   * mechanisms that are available for a user.
724   */
725  public static final int OP_TYPE_GET_AVAILABLE_SASL_MECHANISMS = 68;
726
727
728
729  /**
730   * The operation type that may be used to retrieve a list of the one-time
731   * password delivery mechanisms that are available for a user.
732   */
733  public static final int OP_TYPE_GET_AVAILABLE_OTP_DELIVERY_MECHANISMS = 69;
734
735
736
737  /**
738   * The operation type that may be used to determine whether a user has one or
739   * more TOTP shared secrets.
740   */
741  public static final int OP_TYPE_HAS_TOTP_SHARED_SECRET = 70;
742
743
744
745  /**
746   * The operation type that may be used to retrieve get the set of public IDs
747   * for the registered YubiKey OTP devices for a user.
748   */
749  public static final int OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS = 71;
750
751
752
753  /**
754   * The operation type that may be used to add a value to the set of registered
755   * YubiKey OTP device public IDs for a user.
756   */
757  public static final int OP_TYPE_ADD_REGISTERED_YUBIKEY_PUBLIC_ID = 72;
758
759
760
761  /**
762   * The operation type that may be used to remove a value from the set of
763   * registered YubiKey OTP device public IDs for a user.
764   */
765  public static final int OP_TYPE_REMOVE_REGISTERED_YUBIKEY_PUBLIC_ID = 73;
766
767
768
769  /**
770   * The operation type that may be used to replace the set of public IDs for
771   * the registered YubiKey OTP devices for a user.
772   */
773  public static final int OP_TYPE_SET_REGISTERED_YUBIKEY_PUBLIC_IDS = 74;
774
775
776
777  /**
778   * The operation type that may be used to clear the set of public IDs for
779   * the registered YubiKey OTP devices for a user.
780   */
781  public static final int OP_TYPE_CLEAR_REGISTERED_YUBIKEY_PUBLIC_IDS = 75;
782
783
784
785  /**
786   * The operation type that may be used to add a value to the set of registered
787   * TOTP shared secrets for a user.
788   */
789  public static final int OP_TYPE_ADD_TOTP_SHARED_SECRET = 76;
790
791
792
793  /**
794   * The operation type that may be used to remove a value from the set of
795   * registered TOTP shared secrets for a user.
796   */
797  public static final int OP_TYPE_REMOVE_TOTP_SHARED_SECRET = 77;
798
799
800
801  /**
802   * The operation type that may be used to replace the set of registered TOTP
803   * shared secrets for a user.
804   */
805  public static final int OP_TYPE_SET_TOTP_SHARED_SECRETS = 78;
806
807
808
809  /**
810   * The operation type that may be used to clear the set of TOTP shared secrets
811   * for a user.
812   */
813  public static final int OP_TYPE_CLEAR_TOTP_SHARED_SECRETS = 79;
814
815
816
817  /**
818   * The operation type that may be used to determine whether a user has one
819   * or more registered YubiKey OTP devices.
820   * shared secret.
821   */
822  public static final int OP_TYPE_HAS_REGISTERED_YUBIKEY_PUBLIC_ID = 80;
823
824
825
826  /**
827   * The operation type that may be used to determine whether a user has a
828   * static password.
829   */
830  public static final int OP_TYPE_HAS_STATIC_PASSWORD = 81;
831
832
833
834  /**
835   * The operation type that may be used to retrieve the time that the server
836   * last invoked password validation during a bind operation for a user.
837   */
838  public static final int OP_TYPE_GET_LAST_BIND_PASSWORD_VALIDATION_TIME = 82;
839
840
841
842  /**
843   * The operation type that may be used to retrieve the length of time in
844   * seconds since the server last invoked password validation during a bind
845   * operation.
846   */
847  public static final int
848       OP_TYPE_GET_SECONDS_SINCE_LAST_BIND_PASSWORD_VALIDATION = 83;
849
850
851
852  /**
853   * The operation type that may be used to set the time that the server last
854   * invoked password validation during a bind operation for a user.
855   */
856  public static final int OP_TYPE_SET_LAST_BIND_PASSWORD_VALIDATION_TIME = 84;
857
858
859
860  /**
861   * The operation type that may be used to clear the time that the server last
862   * invoked password validation during a bind operation for a user.
863   */
864  public static final int OP_TYPE_CLEAR_LAST_BIND_PASSWORD_VALIDATION_TIME = 85;
865
866
867
868  /**
869   * The operation type that may be used to determine whether a user's account
870   * is locked because it contains a password that does not satisfy all of the
871   * configured password validators.
872   */
873  public static final int OP_TYPE_GET_ACCOUNT_IS_VALIDATION_LOCKED = 86;
874
875
876
877  /**
878   * The operation type that may be used to specify whether a user's account
879   * is locked because it contains a password that does not satisfy all of the
880   * configured password validators.
881   */
882  public static final int OP_TYPE_SET_ACCOUNT_IS_VALIDATION_LOCKED = 87;
883
884
885
886  /**
887   * The operation type that may be used to retrieve a user's recent login
888   * history.
889   */
890  public static final int OP_TYPE_GET_RECENT_LOGIN_HISTORY = 88;
891
892
893
894  /**
895   * The operation type that may be used to clear a user's recent login history.
896   */
897  public static final int OP_TYPE_CLEAR_RECENT_LOGIN_HISTORY = 89;
898
899
900
901  /**
902   * The set of values that will be used if there are no values.
903   */
904  @NotNull private static final ASN1OctetString[] NO_VALUES =
905       new ASN1OctetString[0];
906
907
908
909  /**
910   * The serial version UID for this serializable class.
911   */
912  private static final long serialVersionUID = -7711496660183073026L;
913
914
915
916  // The set of values for this operation.
917  @NotNull private final ASN1OctetString[] values;
918
919  // The operation type for this operation.
920  private final int opType;
921
922
923
924  /**
925   * Creates a new password policy state operation with the specified operation
926   * type and no values.
927   *
928   * @param  opType  The operation type for this password policy state
929   *                 operation.
930   */
931  public PasswordPolicyStateOperation(final int opType)
932  {
933    this(opType, NO_VALUES);
934  }
935
936
937
938  /**
939   * Creates a new password policy state operation with the specified operation
940   * type and set of values.
941   *
942   * @param  opType  The operation type for this password policy state
943   *                 operation.
944   * @param  values  The set of values for this password policy state operation.
945   */
946  public PasswordPolicyStateOperation(final int opType,
947                                      @Nullable final ASN1OctetString[] values)
948  {
949    this.opType = opType;
950
951    if (values == null)
952    {
953      this.values = NO_VALUES;
954    }
955    else
956    {
957      this.values = values;
958    }
959  }
960
961
962
963  /**
964   * Creates a new password policy state operation that may be used to request
965   * the DN of the password policy configuration entry for the user.  The result
966   * returned should include an operation of type
967   * {@link #OP_TYPE_GET_PW_POLICY_DN} with a single string value that is the
968   * DN of the password policy configuration entry.
969   *
970   * @return The created password policy state operation.
971   */
972  @NotNull()
973  public static PasswordPolicyStateOperation
974                     createGetPasswordPolicyDNOperation()
975  {
976    return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_POLICY_DN);
977  }
978
979
980
981  /**
982   * Creates a new password policy state operation that may be used to determine
983   * whether the user account is disabled.  The result returned should include
984   * an operation of type {@link #OP_TYPE_GET_ACCOUNT_DISABLED_STATE} with a
985   * single boolean value of {@code true} if the account is disabled, or
986   * {@code false} if the account is not disabled.
987   *
988   * @return The created password policy state operation.
989   */
990  @NotNull()
991  public static PasswordPolicyStateOperation
992                     createGetAccountDisabledStateOperation()
993  {
994    return new PasswordPolicyStateOperation(OP_TYPE_GET_ACCOUNT_DISABLED_STATE);
995  }
996
997
998
999  /**
1000   * Creates a new password policy state operation that may be used to specify
1001   * whether the user account is disabled.  The result returned should include
1002   * an operation of type {@link #OP_TYPE_GET_ACCOUNT_DISABLED_STATE} with a
1003   * single boolean value of {@code true} if the account has been disabled, or
1004   * {@code false} if the account is not disabled.
1005   *
1006   * @param  isDisabled  Indicates whether the user account should be disabled.
1007   *
1008   * @return The created password policy state operation.
1009   */
1010  @NotNull()
1011  public static PasswordPolicyStateOperation
1012                     createSetAccountDisabledStateOperation(
1013                          final boolean isDisabled)
1014  {
1015    final ASN1OctetString[] values =
1016    {
1017      new ASN1OctetString(String.valueOf(isDisabled))
1018    };
1019
1020    return new PasswordPolicyStateOperation(OP_TYPE_SET_ACCOUNT_DISABLED_STATE,
1021         values);
1022  }
1023
1024
1025
1026  /**
1027   * Creates a new password policy state operation that may be used to clear
1028   * the user account disabled state in the user's entry.  The result returned
1029   * should include an operation of type
1030   * {@link #OP_TYPE_GET_ACCOUNT_DISABLED_STATE} with a single boolean value of
1031   * {@code true} if the account is disabled, or {@code false} if the account is
1032   * not disabled.
1033   *
1034   * @return The created password policy state operation.
1035   */
1036  @NotNull()
1037  public static PasswordPolicyStateOperation
1038                     createClearAccountDisabledStateOperation()
1039  {
1040    return new PasswordPolicyStateOperation(
1041         OP_TYPE_CLEAR_ACCOUNT_DISABLED_STATE);
1042  }
1043
1044
1045
1046  /**
1047   * Creates a new password policy state operation that may be used to retrieve
1048   * the time that the user's account will become active.  The result returned
1049   * should include an operation of type
1050   * {@link #OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME} with a single string value
1051   * that is the generalized time representation of the account activation time,
1052   * or a {@code null} value if the account does not have an activation time.
1053   *
1054   * @return The created password policy state operation.
1055   */
1056  @NotNull()
1057  public static PasswordPolicyStateOperation
1058                     createGetAccountActivationTimeOperation()
1059  {
1060    return new PasswordPolicyStateOperation(
1061         OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME);
1062  }
1063
1064
1065
1066  /**
1067   * Creates a new password policy state operation that may be used to set the
1068   * time that the user's account expires.  The result returned should include
1069   * an operation of type {@link #OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME} with a
1070   * single string value that is the generalized time representation of the
1071   * account activation time, or a {@code null} value if the account does not
1072   * have an activation time.
1073   *
1074   * @param  expirationTime  The time that the user's account should expire.  It
1075   *                         may be {@code null} if the server should use the
1076   *                         current time.
1077   *
1078   * @return The created password policy state operation.
1079   */
1080  @NotNull()
1081  public static PasswordPolicyStateOperation
1082                     createSetAccountActivationTimeOperation(
1083                          @Nullable final Date expirationTime)
1084  {
1085    return new PasswordPolicyStateOperation(OP_TYPE_SET_ACCOUNT_ACTIVATION_TIME,
1086         createValues(expirationTime));
1087  }
1088
1089
1090
1091  /**
1092   * Creates a new password policy state operation that may be used to clear
1093   * the account expiration time in the user's entry.  The result returned
1094   * should include an operation of type
1095   * {@link #OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME} with a single string value
1096   * that is the generalized time representation of the account activation time,
1097   * or a {@code null} value if the account does not have an activation time.
1098   *
1099   * @return  The created password policy state operation.
1100   */
1101  @NotNull()
1102  public static PasswordPolicyStateOperation
1103                     createClearAccountActivationTimeOperation()
1104  {
1105    return new PasswordPolicyStateOperation(
1106                    OP_TYPE_CLEAR_ACCOUNT_ACTIVATION_TIME);
1107  }
1108
1109
1110
1111  /**
1112   * Creates a new password policy state operation that may be used to determine
1113   * the length of time in seconds until the user's account becomes active.  The
1114   * result returned should include an operation of type
1115   * {@link #OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_ACTIVATION} with a single integer
1116   * value representing the number of seconds until the account becomes active,
1117   * or a {@code null} value if the account does not have an activation time.
1118   *
1119   * @return  The created password policy state operation.
1120   */
1121  @NotNull()
1122  public static PasswordPolicyStateOperation
1123                     createGetSecondsUntilAccountActivationOperation()
1124  {
1125    return new PasswordPolicyStateOperation(
1126         OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_ACTIVATION);
1127  }
1128
1129
1130
1131  /**
1132   * Creates a new password policy state operation that may be used to retrieve
1133   * the time that the user's account expires.  The result returned should
1134   * include an operation of type {@link #OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME}
1135   * with a single string value that is the generalized time representation of
1136   * the account expiration time, or a {@code null} value if the account does
1137   * not have an expiration time.
1138   *
1139   * @return  The created password policy state operation.
1140   */
1141  @NotNull()
1142  public static PasswordPolicyStateOperation
1143                     createGetAccountExpirationTimeOperation()
1144  {
1145    return new PasswordPolicyStateOperation(
1146         OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME);
1147  }
1148
1149
1150
1151  /**
1152   * Creates a new password policy state operation that may be used to set the
1153   * time that the user's account expires.  The result returned should include
1154   * an operation of type {@link #OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME} with a
1155   * single string value that is the generalized time representation of the
1156   * account expiration time, or a {@code null} value if the account does not
1157   * have an expiration time.
1158   *
1159   * @param  expirationTime  The time that the user's account should expire.  It
1160   *                         may be {@code null} if the server should use the
1161   *                         current time.
1162   *
1163   * @return  The created password policy state operation.
1164   */
1165  @NotNull()
1166  public static PasswordPolicyStateOperation
1167                     createSetAccountExpirationTimeOperation(
1168                          @Nullable final Date expirationTime)
1169  {
1170    return new PasswordPolicyStateOperation(OP_TYPE_SET_ACCOUNT_EXPIRATION_TIME,
1171         createValues(expirationTime));
1172  }
1173
1174
1175
1176  /**
1177   * Creates a new password policy state operation that may be used to clear
1178   * the account expiration time in the user's entry.  The result returned
1179   * should include an operation of type
1180   * {@link #OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME} with a single string value
1181   * that is the generalized time representation of the account expiration time,
1182   * or a {@code null} value if the account does not have an expiration time.
1183   *
1184   * @return  The created password policy state operation.
1185   */
1186  @NotNull()
1187  public static PasswordPolicyStateOperation
1188                     createClearAccountExpirationTimeOperation()
1189  {
1190    return new PasswordPolicyStateOperation(
1191         OP_TYPE_CLEAR_ACCOUNT_EXPIRATION_TIME);
1192  }
1193
1194
1195
1196  /**
1197   * Creates a new password policy state operation that may be used to determine
1198   * the length of time in seconds until the user's account is expired.  The
1199   * result returned should include an operation of type
1200   * {@link #OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION} with a single integer
1201   * value representing the number of seconds until the account will expire, or
1202   * a {@code null} value if the account does not have an expiration time.
1203   *
1204   * @return  The created password policy state operation.
1205   */
1206  @NotNull()
1207  public static PasswordPolicyStateOperation
1208                     createGetSecondsUntilAccountExpirationOperation()
1209  {
1210    return new PasswordPolicyStateOperation(
1211         OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION);
1212  }
1213
1214
1215
1216  /**
1217   * Creates a new password policy state operation that may be used to determine
1218   * when the user's password was last changed.  The result returned should
1219   * include an operation of type {@link #OP_TYPE_GET_PW_CHANGED_TIME} with a
1220   * single string value that is the generalized time representation of the
1221   * time the password was last changed.
1222   *
1223   * @return  The created password policy state operation.
1224   */
1225  @NotNull()
1226  public static PasswordPolicyStateOperation
1227                     createGetPasswordChangedTimeOperation()
1228  {
1229    return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_CHANGED_TIME);
1230  }
1231
1232
1233
1234  /**
1235   * Creates a new password policy state operation that may be used to specify
1236   * when the user's password was last changed.  The result returned should
1237   * include an operation of type {@link #OP_TYPE_GET_PW_CHANGED_TIME} with a
1238   * single string value that is the generalized time representation of the
1239   * time the password was last changed.
1240   *
1241   * @param  passwordChangedTime  The time the user's password was last changed.
1242   *                              It may be {@code null} if the server should
1243   *                              use the current time.
1244   *
1245   * @return  The created password policy state operation.
1246   */
1247  @NotNull()
1248  public static PasswordPolicyStateOperation
1249                     createSetPasswordChangedTimeOperation(
1250                          @Nullable final Date passwordChangedTime)
1251  {
1252    return new PasswordPolicyStateOperation(OP_TYPE_SET_PW_CHANGED_TIME,
1253         createValues(passwordChangedTime));
1254  }
1255
1256
1257
1258  /**
1259   * Creates a new password policy state operation that may be used to clear
1260   * the password changed time from a user's entry.  The result returned should
1261   * include an operation of type {@link #OP_TYPE_GET_PW_CHANGED_TIME} with a
1262   * single string value that is the generalized time representation of the
1263   * time the password was last changed, or {@code null} if it can no longer be
1264   * determined.
1265   *
1266   * @return  The created password policy state operation.
1267   */
1268  @NotNull()
1269  public static PasswordPolicyStateOperation
1270                     createClearPasswordChangedTimeOperation()
1271  {
1272    return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_PW_CHANGED_TIME);
1273  }
1274
1275
1276
1277  /**
1278   * Creates a new password policy state operation that may be used to determine
1279   * when the user first received a password expiration warning.  The result
1280   * returned should include an operation of type
1281   * {@link #OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME} with a single string value
1282   * that is the generalized time representation of the time the user received
1283   * the first expiration warning.
1284   *
1285   * @return  The created password policy state operation.
1286   */
1287  @NotNull()
1288  public static PasswordPolicyStateOperation
1289                     createGetPasswordExpirationWarnedTimeOperation()
1290  {
1291    return new PasswordPolicyStateOperation(
1292         OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME);
1293  }
1294
1295
1296
1297  /**
1298   * Creates a new password policy state operation that may be used to specify
1299   * when the user first received a password expiration warning.  The result
1300   * returned should include an operation of type
1301   * {@link #OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME} with a single string value
1302   * that is the generalized time representation of the time the user received
1303   * the first expiration warning.
1304   *
1305   * @param  passwordExpirationWarnedTime  The password expiration warned time
1306   *                                       for the user.  It may be {@code null}
1307   *                                       if the server should use the current
1308   *                                       time.
1309   *
1310   * @return  The created password policy state operation.
1311   */
1312  @NotNull()
1313  public static PasswordPolicyStateOperation
1314                     createSetPasswordExpirationWarnedTimeOperation(
1315                          @Nullable final Date passwordExpirationWarnedTime)
1316  {
1317    return new PasswordPolicyStateOperation(
1318         OP_TYPE_SET_PW_EXPIRATION_WARNED_TIME,
1319         createValues(passwordExpirationWarnedTime));
1320  }
1321
1322
1323
1324  /**
1325   * Creates a new password policy state operation that may be used to clear the
1326   * password expiration warned time from the user's entry.  The result returned
1327   * should include an operation of type
1328   * {@link #OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME} with a single string value
1329   * that is the generalized time representation of the time the user received
1330   * the first expiration warning.
1331   *
1332   * @return  The created password policy state operation.
1333   */
1334  @NotNull()
1335  public static PasswordPolicyStateOperation
1336                     createClearPasswordExpirationWarnedTimeOperation()
1337  {
1338    return new PasswordPolicyStateOperation(
1339         OP_TYPE_CLEAR_PW_EXPIRATION_WARNED_TIME);
1340  }
1341
1342
1343
1344  /**
1345   * Creates a new password policy state operation that may be used to determine
1346   * the length of time in seconds until the user's password expires.  The
1347   * result returned should include an operation of type
1348   * {@link #OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION} with a single integer
1349   * value that is the number of seconds until the user's password expires, or
1350   * a {@code null} value if the user's password will not expire.
1351   *
1352   * @return  The created password policy state operation.
1353   */
1354  @NotNull()
1355  public static PasswordPolicyStateOperation
1356                     createGetSecondsUntilPasswordExpirationOperation()
1357  {
1358    return new PasswordPolicyStateOperation(
1359         OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION);
1360  }
1361
1362
1363
1364  /**
1365   * Creates a new password policy state operation that may be used to determine
1366   * the length of time in seconds until the user is eligible to start receiving
1367   * password expiration warnings.  The result returned should include an
1368   * operation of type {@link #OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION_WARNING}
1369   * with a single integer value that is the number of seconds until the user is
1370   * eligible to receive the first expiration warning, or a {@code null} value
1371   * if the user's password will not expire.
1372   *
1373   * @return  The created password policy state operation.
1374   */
1375  @NotNull()
1376  public static PasswordPolicyStateOperation
1377                     createGetSecondsUntilPasswordExpirationWarningOperation()
1378  {
1379    return new PasswordPolicyStateOperation(
1380         OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION_WARNING);
1381  }
1382
1383
1384
1385  /**
1386   * Creates a new password policy state operation that may be used to retrieve
1387   * the times that the user has unsuccessfully tried to authenticate since the
1388   * last successful authentication.  The result returned should include an
1389   * operation of type {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} with an array of
1390   * string values representing the timestamps (in generalized time format) of
1391   * the authentication failures.
1392   *
1393   * @return  The created password policy state operation.
1394   */
1395  @NotNull()
1396  public static PasswordPolicyStateOperation
1397                     createGetAuthenticationFailureTimesOperation()
1398  {
1399    return new PasswordPolicyStateOperation(OP_TYPE_GET_AUTH_FAILURE_TIMES);
1400  }
1401
1402
1403
1404  /**
1405   * Creates a new password policy state operation that may be used to add the
1406   * current time to the set of times that the user has unsuccessfully tried to
1407   * authenticate since the last successful authentication.  The result returned
1408   * should include an operation of type {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES}
1409   * with an array of string values representing the timestamps (in generalized
1410   * time format) of the authentication failures.
1411   *
1412   * @return  The created password policy state operation.
1413   */
1414  @NotNull()
1415  public static PasswordPolicyStateOperation
1416                     createAddAuthenticationFailureTimeOperation()
1417  {
1418    return createAddAuthenticationFailureTimeOperation(null);
1419  }
1420
1421
1422
1423  /**
1424   * Creates a new password policy state operation that may be used to add the
1425   * specified values to the set of times that the user has unsuccessfully tried
1426   * to authenticate since the last successful authentication.  The result
1427   * returned should include an operation of type
1428   * {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} with an array of string values
1429   * representing the timestamps (in generalized time format) of the
1430   * authentication failures.
1431   *
1432   * @param  authFailureTimes  The set of authentication failure time values to
1433   *                           add.  It may be {@code null} or empty if the
1434   *                           server should add the current time.
1435   *
1436   * @return  The created password policy state operation.
1437   */
1438  @NotNull()
1439  public static PasswordPolicyStateOperation
1440                     createAddAuthenticationFailureTimeOperation(
1441                          @Nullable final Date[] authFailureTimes)
1442  {
1443    return new PasswordPolicyStateOperation(OP_TYPE_ADD_AUTH_FAILURE_TIME,
1444         createValues(authFailureTimes));
1445  }
1446
1447
1448
1449  /**
1450   * Creates a new password policy state operation that may be used to specify
1451   * the set of times that the user has unsuccessfully tried to authenticate
1452   * since the last successful authentication.  The result returned should
1453   * include an operation of type {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} with
1454   * an array of string values representing the timestamps (in generalized time
1455   * format) of the authentication failures.
1456   *
1457   * @param  authFailureTimes  The set of times that the user has unsuccessfully
1458   *                           tried to authenticate since the last successful
1459   *                           authentication.  It may be {@code null} or empty
1460   *                           if the server should use the current time as the
1461   *                           only failure time.
1462   *
1463   * @return  The created password policy state operation.
1464   */
1465  @NotNull()
1466  public static PasswordPolicyStateOperation
1467                     createSetAuthenticationFailureTimesOperation(
1468                          @Nullable final Date[] authFailureTimes)
1469  {
1470    return new PasswordPolicyStateOperation(OP_TYPE_SET_AUTH_FAILURE_TIMES,
1471         createValues(authFailureTimes));
1472  }
1473
1474
1475
1476  /**
1477   * Creates a new password policy state operation that may be used to clear the
1478   * set of times that the user has unsuccessfully tried to authenticate since
1479   * the last successful authentication.  The result returned should include an
1480   * operation of type {@link #OP_TYPE_GET_AUTH_FAILURE_TIMES} with an array of
1481   * string values representing the timestamps (in generalized time format) of
1482   * the authentication failures.
1483   *
1484   * @return  The created password policy state operation.
1485   */
1486  @NotNull()
1487  public static PasswordPolicyStateOperation
1488                     createClearAuthenticationFailureTimesOperation()
1489  {
1490    return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_AUTH_FAILURE_TIMES);
1491  }
1492
1493
1494
1495  /**
1496   * Creates a new password policy state operation that may be used to determine
1497   * the length of time in seconds until the user's account is automatically
1498   * unlocked after too many failed authentication attempts.  The result
1499   * returned should include an operation of type
1500   * {@link #OP_TYPE_GET_SECONDS_UNTIL_AUTH_FAILURE_UNLOCK} with a single
1501   * integer value that represents the number of seconds until the account
1502   * becomes unlocked, or a {@code null} value if the account is not temporarily
1503   * locked as a result of authentication failures.
1504   *
1505   * @return  The created password policy state operation.
1506   */
1507  @NotNull()
1508  public static PasswordPolicyStateOperation
1509                     createGetSecondsUntilAuthenticationFailureUnlockOperation()
1510  {
1511    return new PasswordPolicyStateOperation(
1512         OP_TYPE_GET_SECONDS_UNTIL_AUTH_FAILURE_UNLOCK);
1513  }
1514
1515
1516
1517  /**
1518   * Creates a new password policy state operation that may be used to determine
1519   * the number of authentication failures required to lock the user's account.
1520   * The result returned should include an operation of type
1521   * {@link #OP_TYPE_GET_REMAINING_AUTH_FAILURE_COUNT} with a single integer
1522   * value that represents the number of authentication failures that a user
1523   * will be permitted before the account is locked, or a {@code null} value if
1524   * the password policy is not configured to lock accounts as a result of too
1525   * many failed authentication attempts.
1526   *
1527   * @return  The created password policy state operation.
1528   */
1529  @NotNull()
1530  public static PasswordPolicyStateOperation
1531                     createGetRemainingAuthenticationFailureCountOperation()
1532  {
1533    return new PasswordPolicyStateOperation(
1534         OP_TYPE_GET_REMAINING_AUTH_FAILURE_COUNT);
1535  }
1536
1537
1538
1539  /**
1540   * Creates a new password policy state operation that may be used to determine
1541   * the time that the user last successfully authenticated to the server.  The
1542   * result returned should include an operation of type
1543   * {@link #OP_TYPE_GET_LAST_LOGIN_TIME} with a single string value that is
1544   * the generalized time representation of the user's last login time, or a
1545   * {@code null} value if no last login time is available.
1546   *
1547   * @return  The created password policy state operation.
1548   */
1549  @NotNull()
1550  public static PasswordPolicyStateOperation createGetLastLoginTimeOperation()
1551  {
1552    return new PasswordPolicyStateOperation(OP_TYPE_GET_LAST_LOGIN_TIME);
1553  }
1554
1555
1556
1557  /**
1558   * Creates a new password policy state operation that may be used to set
1559   * the time that the user last successfully authenticated to the server.  The
1560   * result returned should include an operation of type
1561   * {@link #OP_TYPE_GET_LAST_LOGIN_TIME} with a single string value that is
1562   * the generalized time representation of the user's last login time, or a
1563   * {@code null} value if no last login time is available.
1564   *
1565   * @param  lastLoginTime  The last login time to set in the user's entry.  It
1566   *                        may be {@code null} if the server should use the
1567   *                        current time.
1568   *
1569   * @return  The created password policy state operation.
1570   */
1571  @NotNull()
1572  public static PasswordPolicyStateOperation
1573                     createSetLastLoginTimeOperation(
1574                          @Nullable final Date lastLoginTime)
1575  {
1576    return new PasswordPolicyStateOperation(OP_TYPE_SET_LAST_LOGIN_TIME,
1577         createValues(lastLoginTime));
1578  }
1579
1580
1581
1582  /**
1583   * Creates a new password policy state operation that may be used to clear
1584   * the last login time from the user's entry.  The result returned should
1585   * include an operation of type {@link #OP_TYPE_GET_LAST_LOGIN_TIME} with a
1586   * single string value that is the generalized time representation of the
1587   * user's last login time, or a {@code null} value if no last login time is
1588   * available.
1589   *
1590   * @return  The created password policy state operation.
1591   */
1592  @NotNull()
1593  public static PasswordPolicyStateOperation createClearLastLoginTimeOperation()
1594  {
1595    return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_LAST_LOGIN_TIME);
1596  }
1597
1598
1599
1600  /**
1601   * Creates a new password policy state operation that may be used to determine
1602   * the IP address from which the user last successfully authenticated to the
1603   * server.  The result returned should include an operation of type
1604   * {@link #OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS} with a single string value that
1605   * is the user's last login IP address, or a {@code null} value if no last
1606   * login IP address is available.
1607   *
1608   * @return  The created password policy state operation.
1609   */
1610  @NotNull()
1611  public static PasswordPolicyStateOperation
1612                     createGetLastLoginIPAddressOperation()
1613  {
1614    return new PasswordPolicyStateOperation(OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS);
1615  }
1616
1617
1618
1619  /**
1620   * Creates a new password policy state operation that may be used to set
1621   * the IP address from which the user last successfully authenticated to the
1622   * server.  The result returned should include an operation of type
1623   * {@link #OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS} with a single string value that
1624   * is the user's last login IP address, or a {@code null} value if no last
1625   * login IP address is available.
1626   *
1627   * @param  lastLoginIPAddress  The last login IP address to set in the user's
1628   *                             entry.  It must not be {@code null}.
1629   *
1630   * @return  The created password policy state operation.
1631   */
1632  @NotNull()
1633  public static PasswordPolicyStateOperation
1634                     createSetLastLoginIPAddressOperation(
1635                          @NotNull final String lastLoginIPAddress)
1636  {
1637    final ASN1OctetString[] values =
1638    {
1639      new ASN1OctetString(lastLoginIPAddress)
1640    };
1641
1642    return new PasswordPolicyStateOperation(OP_TYPE_SET_LAST_LOGIN_IP_ADDRESS,
1643         values);
1644  }
1645
1646
1647
1648  /**
1649   * Creates a new password policy state operation that may be used to clear
1650   * the last login IP address from the user's entry.  The result returned
1651   * should include an operation of type
1652   * {@link #OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS} with a single string value that
1653   * is the user's last login IP address, or a {@code null} value if no last
1654   * login IP address is available.
1655   *
1656   * @return  The created password policy state operation.
1657   */
1658  @NotNull()
1659  public static PasswordPolicyStateOperation
1660                     createClearLastLoginIPAddressOperation()
1661  {
1662    return new PasswordPolicyStateOperation(
1663         OP_TYPE_CLEAR_LAST_LOGIN_IP_ADDRESS);
1664  }
1665
1666
1667
1668  /**
1669   * Creates a new password policy state operation that may be used to determine
1670   * the length of time in seconds until the user's account is locked due to
1671   * inactivity.  The result returned should include an operation of type
1672   * {@link #OP_TYPE_GET_SECONDS_UNTIL_IDLE_LOCKOUT} with a single integer value
1673   * that represents the number of seconds until the user's account is locked as
1674   * a result of being idle for too long, or a {@code null} value if no idle
1675   * account lockout is configured.
1676   *
1677   * @return  The created password policy state operation.
1678   */
1679  @NotNull()
1680  public static PasswordPolicyStateOperation
1681                     createGetSecondsUntilIdleLockoutOperation()
1682  {
1683    return new PasswordPolicyStateOperation(
1684         OP_TYPE_GET_SECONDS_UNTIL_IDLE_LOCKOUT);
1685  }
1686
1687
1688
1689  /**
1690   * Creates a new password policy state operation that may be used to determine
1691   * whether the user's password has been reset by an administrator and must be
1692   * changed before performing any other operations.  The result returned should
1693   * include an operation of type {@link #OP_TYPE_GET_PW_RESET_STATE} with a
1694   * single boolean value of {@code true} if the user's password must be changed
1695   * before the account can be used, or {@code false} if not.
1696   *
1697   * @return  The created password policy state operation.
1698   */
1699  @NotNull()
1700  public static PasswordPolicyStateOperation
1701                     createGetPasswordResetStateOperation()
1702  {
1703    return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_RESET_STATE);
1704  }
1705
1706
1707
1708  /**
1709   * Creates a new password policy state operation that may be used to specify
1710   * whether the user's password has been reset by an administrator and must be
1711   * changed before performing any other operations.  The result returned should
1712   * include an operation of type {@link #OP_TYPE_GET_PW_RESET_STATE} with a
1713   * single boolean value of {@code true} if the user's password must be changed
1714   * before the account can be used, or {@code false} if not.
1715   *
1716   * @param  isReset  Specifies whether the user's password must be changed
1717   *                  before performing any other operations.
1718   *
1719   * @return  The created password policy state operation.
1720   */
1721  @NotNull()
1722  public static PasswordPolicyStateOperation
1723                     createSetPasswordResetStateOperation(final boolean isReset)
1724  {
1725    final ASN1OctetString[] values =
1726    {
1727      new ASN1OctetString(String.valueOf(isReset))
1728    };
1729
1730    return new PasswordPolicyStateOperation(OP_TYPE_SET_PW_RESET_STATE, values);
1731  }
1732
1733
1734
1735  /**
1736   * Creates a new password policy state operation that may be used to clear the
1737   * password reset state information in the user's entry.  The result returned
1738   * should include an operation of type {@link #OP_TYPE_GET_PW_RESET_STATE}
1739   * with a single boolean value of {@code true} if the user's password must be
1740   * changed before the account can be used, or {@code false} if not.
1741   *
1742   * @return  The created password policy state operation.
1743   */
1744  @NotNull()
1745  public static PasswordPolicyStateOperation
1746                     createClearPasswordResetStateOperation()
1747  {
1748    return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_PW_RESET_STATE);
1749  }
1750
1751
1752
1753  /**
1754   * Creates a new password policy state operation that may be used to determine
1755   * the length of time in seconds that the user has left to change his/her
1756   * password after an administrative reset before the account is locked.  The
1757   * result returned should include an operation of type
1758   * {@link #OP_TYPE_GET_SECONDS_UNTIL_PW_RESET_LOCKOUT} with a single integer
1759   * value that represents the number of seconds until the user's account will
1760   * be locked unless the password is reset, or a {@code null} value if the
1761   * user's password is not in a "must change" state.
1762   *
1763   * @return  The created password policy state operation.
1764   */
1765  @NotNull()
1766  public static PasswordPolicyStateOperation
1767                     createGetSecondsUntilPasswordResetLockoutOperation()
1768  {
1769    return new PasswordPolicyStateOperation(
1770         OP_TYPE_GET_SECONDS_UNTIL_PW_RESET_LOCKOUT);
1771  }
1772
1773
1774
1775  /**
1776   * Creates a new password policy state operation that may be used to retrieve
1777   * the set of times that the user has authenticated using grace logins since
1778   * his/her password expired.  The result returned should include an operation
1779   * of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES} with an array of string
1780   * values in generalized time format.
1781   *
1782   * @return  The created password policy state operation.
1783   */
1784  @NotNull()
1785  public static PasswordPolicyStateOperation
1786                     createGetGraceLoginUseTimesOperation()
1787  {
1788    return new PasswordPolicyStateOperation(OP_TYPE_GET_GRACE_LOGIN_USE_TIMES);
1789  }
1790
1791
1792
1793  /**
1794   * Creates a new password policy state operation that may be used to add the
1795   * current time to the set of times that the user has authenticated using
1796   * grace logins since his/her password expired.  The result returned should
1797   * include an operation of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES}
1798   * with an array of string values in generalized time format.
1799   *
1800   * @return  The created password policy state operation.
1801   */
1802  @NotNull()
1803  public static PasswordPolicyStateOperation
1804                     createAddGraceLoginUseTimeOperation()
1805  {
1806    return createAddGraceLoginUseTimeOperation(null);
1807  }
1808
1809
1810
1811  /**
1812   * Creates a new password policy state operation that may be used to add the
1813   * current time to the set of times that the user has authenticated using
1814   * grace logins since his/her password expired.  The result returned should
1815   * include an operation of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES}
1816   * with an array of string values in generalized time format.
1817   *
1818   * @param  graceLoginUseTimes  The set of grace login use times to add.  It
1819   *                             may be {@code null} or empty if the server
1820   *                             should add the current time to the set of grace
1821   *                             login times.
1822   *
1823   * @return  The created password policy state operation.
1824   */
1825  @NotNull()
1826  public static PasswordPolicyStateOperation
1827                     createAddGraceLoginUseTimeOperation(
1828                          @Nullable final Date[] graceLoginUseTimes)
1829  {
1830    return new PasswordPolicyStateOperation(OP_TYPE_ADD_GRACE_LOGIN_USE_TIME,
1831         createValues(graceLoginUseTimes));
1832  }
1833
1834
1835
1836  /**
1837   * Creates a new password policy state operation that may be used to specify
1838   * the set of times that the user has authenticated using grace logins since
1839   * his/her password expired.  The result returned should include an operation
1840   * of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES} with an array of string
1841   * values in generalized time format.
1842   *
1843   * @param  graceLoginUseTimes  The set of times that the user has
1844   *                             authenticated using grace logins since his/her
1845   *                             password expired.  It amy be {@code null} or
1846   *                             empty if the server should use the current time
1847   *                             as the only grace login use time.
1848   *
1849   * @return  The created password policy state operation.
1850   */
1851  @NotNull()
1852  public static PasswordPolicyStateOperation
1853                     createSetGraceLoginUseTimesOperation(
1854                          @Nullable final Date[] graceLoginUseTimes)
1855  {
1856    return new PasswordPolicyStateOperation(OP_TYPE_SET_GRACE_LOGIN_USE_TIMES,
1857         createValues(graceLoginUseTimes));
1858  }
1859
1860
1861
1862  /**
1863   * Creates a new password policy state operation that may be used to clear
1864   * the set of times that the user has authenticated using grace logins since
1865   * his/her password expired.  The result returned should include an operation
1866   * of type {@link #OP_TYPE_GET_GRACE_LOGIN_USE_TIMES} with an array of string
1867   * values in generalized time format.
1868   *
1869   * @return  The created password policy state operation.
1870   */
1871  @NotNull()
1872  public static PasswordPolicyStateOperation
1873                     createClearGraceLoginUseTimesOperation()
1874  {
1875    return new PasswordPolicyStateOperation(
1876         OP_TYPE_CLEAR_GRACE_LOGIN_USE_TIMES);
1877  }
1878
1879
1880
1881  /**
1882   * Creates a new password policy state operation that may be used to retrieve
1883   * the number of remaining grace logins available to the user.  The result
1884   * returned should include an operation of type
1885   * {@link #OP_TYPE_GET_REMAINING_GRACE_LOGIN_COUNT} with a single integer
1886   * value that represents the number of remaining grace logins, or a
1887   * {@code null} value if grace login functionality is not enabled for the
1888   * user.
1889   *
1890   * @return  The created password policy state operation.
1891   */
1892  @NotNull()
1893  public static PasswordPolicyStateOperation
1894                     createGetRemainingGraceLoginCountOperation()
1895  {
1896    return new PasswordPolicyStateOperation(
1897         OP_TYPE_GET_REMAINING_GRACE_LOGIN_COUNT);
1898  }
1899
1900
1901
1902  /**
1903   * Creates a new password policy state operation that may be used to retrieve
1904   * the last required password change time that with which the user has
1905   * complied.  The result returned should include an operation of type
1906   * {@link #OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME} with a single string
1907   * value that is the generalized time representation of the most recent
1908   * required password change time with which the user complied, or a
1909   * {@code null} value if this is not available for the user.
1910   *
1911   * @return  The created password policy state operation.
1912   */
1913  @NotNull()
1914  public static PasswordPolicyStateOperation
1915                     createGetPasswordChangedByRequiredTimeOperation()
1916  {
1917    return new PasswordPolicyStateOperation(
1918         OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME);
1919  }
1920
1921
1922
1923  /**
1924   * Creates a new password policy state operation that may be used to update
1925   * the user's entry to indicate that he/she has complied with the required
1926   * password change time.  The result returned should include an operation of
1927   * type {@link #OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME} with a single string
1928   * value that is the generalized time representation of the most recent
1929   * required password change time with which the user complied, or a
1930   * {@code null} value if this is not available for the user.
1931   *
1932   * @return  The created password policy state operation.
1933   */
1934  @NotNull()
1935  public static PasswordPolicyStateOperation
1936                     createSetPasswordChangedByRequiredTimeOperation()
1937  {
1938    return createSetPasswordChangedByRequiredTimeOperation(null);
1939  }
1940
1941
1942
1943  /**
1944   * Creates a new password policy state operation that may be used to update
1945   * the user's entry to indicate that he/she has complied with the required
1946   * password change time.  The result returned should include an operation of
1947   * type {@link #OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME} with a single string
1948   * value that is the generalized time representation of the most recent
1949   * required password change time with which the user complied, or a
1950   * {@code null} value if this is not available for the user.
1951   *
1952   * @param  requiredTime  The required password changed time with which the
1953   *                       user has complied.  It may be {@code null} if the
1954   *                       server should use the most recent required change
1955   *                       time.
1956   *
1957   * @return  The created password policy state operation.
1958   */
1959  @NotNull()
1960  public static PasswordPolicyStateOperation
1961                     createSetPasswordChangedByRequiredTimeOperation(
1962                          @Nullable final Date requiredTime)
1963  {
1964    return new PasswordPolicyStateOperation(
1965         OP_TYPE_SET_PW_CHANGED_BY_REQUIRED_TIME, createValues(requiredTime));
1966  }
1967
1968
1969
1970  /**
1971   * Creates a new password policy state operation that may be used to clear
1972   * the last required password change time from the user's entry.  The result
1973   * returned should include an operation of type
1974   * {@link #OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME} with a single string value
1975   * that is the generalized time representation of the most recent required
1976   * password change time with which the user complied, or a {@code null} value
1977   * if this is not available for the user.
1978   *
1979   * @return  The created password policy state operation.
1980   */
1981  @NotNull()
1982  public static PasswordPolicyStateOperation
1983                     createClearPasswordChangedByRequiredTimeOperation()
1984  {
1985    return new PasswordPolicyStateOperation(
1986         OP_TYPE_CLEAR_PW_CHANGED_BY_REQUIRED_TIME);
1987  }
1988
1989
1990
1991  /**
1992   * Creates a new password policy state operation that may be used to retrieve
1993   * the length of time in seconds until the required password change time
1994   * arrives.  The result returned should include an operation of type
1995   * {@link #OP_TYPE_GET_SECONDS_UNTIL_REQUIRED_CHANGE_TIME} with a single
1996   * integer value that represents the number of seconds before the user will
1997   * be required to change his/her password as a result of the
1998   * require-change-by-time property, or a {@code null} value if the user is
1999   * not required to change their password for this reason.
2000   *
2001   * @return  The created password policy state operation.
2002   */
2003  @NotNull()
2004  public static PasswordPolicyStateOperation
2005                     createGetSecondsUntilRequiredChangeTimeOperation()
2006  {
2007    return new PasswordPolicyStateOperation(
2008         OP_TYPE_GET_SECONDS_UNTIL_REQUIRED_CHANGE_TIME);
2009  }
2010
2011
2012
2013  /**
2014   * Creates a new password policy state operation that may be used to retrieve
2015   * the password history values stored in the user's entry.  The result
2016   * returned should include an operation of type
2017   * {@link #OP_TYPE_GET_PW_HISTORY} with an array of strings representing the
2018   * user's password history content.
2019   *
2020   * @return  The created password policy state operation.
2021   *
2022   * @deprecated  This method has been deprecated in favor of the
2023   *              {@link #createGetPasswordHistoryCountOperation} method.
2024   */
2025  @Deprecated()
2026  @SuppressWarnings("deprecation")
2027  @NotNull()
2028  public static PasswordPolicyStateOperation createGetPasswordHistoryOperation()
2029  {
2030    return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_HISTORY);
2031  }
2032
2033
2034
2035  /**
2036   * Creates a new password policy state operation that may be used to clear the
2037   * password history values stored in the user's entry.  The result returned
2038   * should include an operation of type {@link #OP_TYPE_GET_PW_HISTORY} with an
2039   * array of strings representing the user's password history content.
2040   *
2041   * @return  The created password policy state operation.
2042   */
2043  @NotNull()
2044  public static PasswordPolicyStateOperation
2045                     createClearPasswordHistoryOperation()
2046  {
2047    return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_PW_HISTORY);
2048  }
2049
2050
2051
2052  /**
2053   * Creates a new password policy state operation that may be used to determine
2054   * whether the user has a valid retired password.  The result returned should
2055   * include an operation of type {@link #OP_TYPE_HAS_RETIRED_PASSWORD} with a
2056   * single boolean value of {@code true} if the user has a valid retired
2057   * password, or {@code false} if not.
2058   *
2059   * @return  The created password policy state operation.
2060   */
2061  @NotNull()
2062  public static PasswordPolicyStateOperation createHasRetiredPasswordOperation()
2063  {
2064    return new PasswordPolicyStateOperation(OP_TYPE_HAS_RETIRED_PASSWORD);
2065  }
2066
2067
2068
2069  /**
2070   * Creates a new password policy state operation that may be used to determine
2071   * the time that the user's former password was retired.  The result returned
2072   * should include an operation of type
2073   * {@link #OP_TYPE_GET_PASSWORD_RETIRED_TIME} with a single string value that
2074   * is the generalized time representation of the time the user's former
2075   * password was retired, or a {@code null} value if the user does not have a
2076   * valid retired password.
2077   *
2078   * @return  The created password policy state operation.
2079   */
2080  @NotNull()
2081  public static PasswordPolicyStateOperation
2082                     createGetPasswordRetiredTimeOperation()
2083  {
2084    return new PasswordPolicyStateOperation(OP_TYPE_GET_PASSWORD_RETIRED_TIME);
2085  }
2086
2087
2088
2089  /**
2090   * Creates a new password policy state operation that may be used to determine
2091   * the length of time until the user's retired password expires.  The result
2092   * returned should include an operation of type
2093   * {@link #OP_TYPE_GET_RETIRED_PASSWORD_EXPIRATION_TIME} with a single string
2094   * value that is the generalized time representation of the time the user's
2095   * retired password will cease to be valid, or a {@code null} value if the
2096   * user does not have a valid retired password.
2097   *
2098   * @return  The created password policy state operation.
2099   */
2100  @NotNull()
2101  public static PasswordPolicyStateOperation
2102                     createGetRetiredPasswordExpirationTimeOperation()
2103  {
2104    return new PasswordPolicyStateOperation(
2105         OP_TYPE_GET_RETIRED_PASSWORD_EXPIRATION_TIME);
2106  }
2107
2108
2109
2110  /**
2111   * Creates a new password policy state operation that may be used to purge
2112   * any retired password from the user's entry.  The result returned should
2113   * include an operation of type {@link #OP_TYPE_HAS_RETIRED_PASSWORD} with a
2114   * single boolean value of {@code true} if the user has a valid retired
2115   * password, or {@code false} if not.
2116   *
2117   * @return  The created password policy state operation.
2118   */
2119  @NotNull()
2120  public static PasswordPolicyStateOperation
2121                     createPurgeRetiredPasswordOperation()
2122  {
2123    return new PasswordPolicyStateOperation(OP_TYPE_PURGE_RETIRED_PASSWORD);
2124  }
2125
2126
2127
2128  /**
2129   * Creates a new password policy state operation that may be used to retrieve
2130   * information about any password policy state notices pertaining to the
2131   * usability of the user's account.  The result returned should include an
2132   * operation of type {@link #OP_TYPE_GET_ACCOUNT_USABILITY_NOTICES} with an
2133   * array of strings that represent
2134   * {@link PasswordPolicyStateAccountUsabilityWarning} values.
2135   *
2136   * @return  The created password policy state operation.
2137   */
2138  @NotNull()
2139  public static PasswordPolicyStateOperation
2140                     createGetAccountUsabilityNoticesOperation()
2141  {
2142    return new PasswordPolicyStateOperation(
2143         OP_TYPE_GET_ACCOUNT_USABILITY_NOTICES);
2144  }
2145
2146
2147
2148  /**
2149   * Creates a new password policy state operation that may be used to retrieve
2150   * information about any password policy state warnings that may impact the
2151   * usability of the user's account.  The result returned should include an
2152   * operation of type {@link #OP_TYPE_GET_ACCOUNT_USABILITY_WARNINGS} with an
2153   * array of strings that represent
2154   * {@link PasswordPolicyStateAccountUsabilityWarning} values.
2155   *
2156   * @return  The created password policy state operation.
2157   */
2158  @NotNull()
2159  public static PasswordPolicyStateOperation
2160                     createGetAccountUsabilityWarningsOperation()
2161  {
2162    return new PasswordPolicyStateOperation(
2163         OP_TYPE_GET_ACCOUNT_USABILITY_WARNINGS);
2164  }
2165
2166
2167
2168  /**
2169   * Creates a new password policy state operation that may be used to retrieve
2170   * information about any password policy state errors that may impact the
2171   * usability of the user's account.  The result returned should include an
2172   * operation of type {@link #OP_TYPE_GET_ACCOUNT_USABILITY_ERRORS} with an
2173   * array of strings that represent
2174   * {@link PasswordPolicyStateAccountUsabilityError} values.
2175   *
2176   * @return  The created password policy state operation.
2177   */
2178  @NotNull()
2179  public static PasswordPolicyStateOperation
2180                     createGetAccountUsabilityErrorsOperation()
2181  {
2182    return new PasswordPolicyStateOperation(
2183         OP_TYPE_GET_ACCOUNT_USABILITY_ERRORS);
2184  }
2185
2186
2187
2188  /**
2189   * Creates a new password policy state operation that may be used to determine
2190   * whether an account is usable (i.e., the account will be allowed to
2191   * authenticate and/or be used as an alternate authorization identity.  The
2192   * result returned should include an operation of type
2193   * {@link #OP_TYPE_GET_ACCOUNT_IS_USABLE} with a single boolean value that
2194   * indicates whether the account is usable.
2195   *
2196   * @return  The created password policy state operation.
2197   */
2198  @NotNull()
2199  public static PasswordPolicyStateOperation
2200                     createGetAccountIsUsableOperation()
2201  {
2202    return new PasswordPolicyStateOperation(OP_TYPE_GET_ACCOUNT_IS_USABLE);
2203  }
2204
2205
2206
2207  /**
2208   * Creates a new password policy state operation that may be used to determine
2209   * whether an account has an activation time that is in the future.  The
2210   * result returned should include an operation of type
2211   * {@link #OP_TYPE_GET_ACCOUNT_IS_NOT_YET_ACTIVE} with a single boolean value
2212   * that indicates whether the account is not yet active.
2213   *
2214   * @return  The created password policy state operation.
2215   */
2216  @NotNull()
2217  public static PasswordPolicyStateOperation
2218                     createGetAccountIsNotYetActiveOperation()
2219  {
2220    return new PasswordPolicyStateOperation(
2221         OP_TYPE_GET_ACCOUNT_IS_NOT_YET_ACTIVE);
2222  }
2223
2224
2225
2226  /**
2227   * Creates a new password policy state operation that may be used to determine
2228   * whether an account has an expiration time that is in the past.  The result
2229   * returned should include an operation of type
2230   * {@link #OP_TYPE_GET_ACCOUNT_IS_EXPIRED} with a single boolean value that
2231   * indicates whether the account is expired.
2232   *
2233   * @return  The created password policy state operation.
2234   */
2235  @NotNull()
2236  public static PasswordPolicyStateOperation
2237                     createGetAccountIsExpiredOperation()
2238  {
2239    return new PasswordPolicyStateOperation(OP_TYPE_GET_ACCOUNT_IS_EXPIRED);
2240  }
2241
2242
2243
2244  /**
2245   * Creates a new password policy state operation that may be used to determine
2246   * when a user's password is expected to expire.  The result returned should
2247   * include an operation of type {@link #OP_TYPE_GET_PW_EXPIRATION_TIME} with a
2248   * single string value that is the generalized time representation of the
2249   * password expiration time.
2250   *
2251   * @return  The created password policy state operation.
2252   */
2253  @NotNull()
2254  public static PasswordPolicyStateOperation
2255                     createGetPasswordExpirationTimeOperation()
2256  {
2257    return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_EXPIRATION_TIME);
2258  }
2259
2260
2261
2262  /**
2263   * Creates a new password policy state operation that may be used to determine
2264   * whether an account has been locked because of too many failed
2265   * authentication attempts.  The result returned should include an operation
2266   * of type {@link #OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED} with a single
2267   * boolean value that indicates whether the account is failure locked.
2268   *
2269   * @return  The created password policy state operation.
2270   */
2271  @NotNull()
2272  public static PasswordPolicyStateOperation
2273                     createGetAccountIsFailureLockedOperation()
2274  {
2275    return new PasswordPolicyStateOperation(
2276         OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED);
2277  }
2278
2279
2280
2281  /**
2282   * Creates a new password policy state operation that may be used to specify
2283   * whether an account should be locked because of too many failed
2284   * authentication attempts.  The result returned should include an operation
2285   * of type {@link #OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED} with a single
2286   * boolean value that indicates whether the account is failure locked.
2287   *
2288   * @param  isFailureLocked  Indicates whether the account should be locked
2289   *                          because of too many failed attempts.
2290   *
2291   * @return  The created password policy state operation.
2292   */
2293  @NotNull()
2294  public static PasswordPolicyStateOperation
2295                     createSetAccountIsFailureLockedOperation(
2296                          final boolean isFailureLocked)
2297  {
2298    final ASN1OctetString[] values =
2299    {
2300      new ASN1OctetString(String.valueOf(isFailureLocked))
2301    };
2302
2303    return new PasswordPolicyStateOperation(
2304         OP_TYPE_SET_ACCOUNT_IS_FAILURE_LOCKED, values);
2305  }
2306
2307
2308
2309  /**
2310   * Creates a new password policy state operation that may be used to determine
2311   * when a user's password is was locked because of too many failed
2312   * authentication attempts.  The result returned should include an operation
2313   * of type {@link #OP_TYPE_GET_FAILURE_LOCKOUT_TIME} with a single string
2314   * value that is the generalized time representation of the failure lockout
2315   * time.
2316   *
2317   * @return  The created password policy state operation.
2318   */
2319  @NotNull()
2320  public static PasswordPolicyStateOperation
2321                     createGetFailureLockoutTimeOperation()
2322  {
2323    return new PasswordPolicyStateOperation(OP_TYPE_GET_FAILURE_LOCKOUT_TIME);
2324  }
2325
2326
2327
2328  /**
2329   * Creates a new password policy state operation that may be used to determine
2330   * whether an account has been locked because it has remained idle for too
2331   * long.  The result returned should include an operation of type
2332   * {@link #OP_TYPE_GET_ACCOUNT_IS_IDLE_LOCKED} with a single boolean value
2333   * that indicates whether the account is idle locked.
2334   *
2335   * @return  The created password policy state operation.
2336   */
2337  @NotNull()
2338  public static PasswordPolicyStateOperation
2339                     createGetAccountIsIdleLockedOperation()
2340  {
2341    return new PasswordPolicyStateOperation(OP_TYPE_GET_ACCOUNT_IS_IDLE_LOCKED);
2342  }
2343
2344
2345
2346  /**
2347   * Creates a new password policy state operation that may be used to determine
2348   * when a user's password is was locked because of the idle account lockout.
2349   * The result returned should include an operation of type
2350   * {@link #OP_TYPE_GET_IDLE_LOCKOUT_TIME} with a single string value that is
2351   * the generalized time representation of the idle lockout time.
2352   *
2353   * @return  The created password policy state operation.
2354   */
2355  @NotNull()
2356  public static PasswordPolicyStateOperation
2357                     createGetIdleLockoutTimeOperation()
2358  {
2359    return new PasswordPolicyStateOperation(OP_TYPE_GET_IDLE_LOCKOUT_TIME);
2360  }
2361
2362
2363
2364  /**
2365   * Creates a new password policy state operation that may be used to determine
2366   * whether an account has been locked because the user failed to change their
2367   * password in a timely manner after an administrative reset.  The result
2368   * returned should include an operation of type
2369   * {@link #OP_TYPE_GET_ACCOUNT_IS_RESET_LOCKED} with a single boolean value
2370   * that indicates whether the account is reset locked.
2371   *
2372   * @return  The created password policy state operation.
2373   */
2374  @NotNull()
2375  public static PasswordPolicyStateOperation
2376                     createGetAccountIsResetLockedOperation()
2377  {
2378    return new PasswordPolicyStateOperation(
2379         OP_TYPE_GET_ACCOUNT_IS_RESET_LOCKED);
2380  }
2381
2382
2383
2384  /**
2385   * Creates a new password policy state operation that may be used to determine
2386   * when a user's password is was locked because the user failed to change
2387   * their password in a timely manner after an administrative reset.  The
2388   * result returned should include an operation of type
2389   * {@link #OP_TYPE_GET_RESET_LOCKOUT_TIME} with a single string value that is
2390   * the generalized time representation of the reset lockout time.
2391   *
2392   * @return  The created password policy state operation.
2393   */
2394  @NotNull()
2395  public static PasswordPolicyStateOperation
2396                     createGetResetLockoutTimeOperation()
2397  {
2398    return new PasswordPolicyStateOperation(OP_TYPE_GET_RESET_LOCKOUT_TIME);
2399  }
2400
2401
2402
2403  /**
2404   * Creates a new password policy state operation that may be used to retrieve
2405   * the number of passwords currently held in a user's password history.  The
2406   * result returned should include an operation of type
2407   * {@link #OP_TYPE_GET_PW_HISTORY_COUNT} with a single integer value that
2408   * represents the number of passwords in the history, or a {@code null} value
2409   * if a password history is not enabled for the user.
2410   *
2411   * @return  The created password policy state operation.
2412   */
2413  @NotNull()
2414  public static PasswordPolicyStateOperation
2415                     createGetPasswordHistoryCountOperation()
2416  {
2417    return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_HISTORY_COUNT);
2418  }
2419
2420
2421
2422  /**
2423   * Creates a new password policy state operation that may be used to determine
2424   * whether a user's password is expired.  The result returned should include
2425   * an operation of type {@link #OP_TYPE_GET_PW_IS_EXPIRED} with a single
2426   * Boolean value that indicates whether the password is expired, or a
2427   * {@code null} value if password expiration is not enabled for the user.
2428   *
2429   * @return  The created password policy state operation.
2430   */
2431  @NotNull()
2432  public static PasswordPolicyStateOperation
2433                     createGetPasswordIsExpiredOperation()
2434  {
2435    return new PasswordPolicyStateOperation(OP_TYPE_GET_PW_IS_EXPIRED);
2436  }
2437
2438
2439
2440  /**
2441   * Creates a new password policy state operation that may be used to retrieve
2442   * a list of the SASL mechanisms that are available for a user.  This will
2443   * take into consideration the server's configuration, the types of
2444   * credentials that a user has, and per-user constraints and preferences.
2445   *
2446   * @return  The created password policy state operation.
2447   */
2448  @NotNull()
2449  public static PasswordPolicyStateOperation
2450                     createGetAvailableSASLMechanismsOperation()
2451  {
2452    return new PasswordPolicyStateOperation(
2453         OP_TYPE_GET_AVAILABLE_SASL_MECHANISMS);
2454  }
2455
2456
2457
2458  /**
2459   * Creates a new password policy state operation that may be used to retrieve
2460   * a list of the one-time password delivery mechanisms that are available for
2461   * a user.  If the user's entry includes information about which OTP delivery
2462   * mechanisms are preferred, the list will be ordered from most preferred to
2463   * least preferred.
2464   *
2465   * @return  The created password policy state operation.
2466   */
2467  @NotNull()
2468  public static PasswordPolicyStateOperation
2469                     createGetAvailableOTPDeliveryMechanismsOperation()
2470  {
2471    return new PasswordPolicyStateOperation(
2472         OP_TYPE_GET_AVAILABLE_OTP_DELIVERY_MECHANISMS);
2473  }
2474
2475
2476
2477  /**
2478   * Creates a new password policy state operation that may be used to determine
2479   * whether the user has at least one TOTP shared secret.  The result returned
2480   * should include an operation of type {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET}
2481   * with a single boolean value of {@code true} if the user has one or more
2482   * TOTP shared secrets, or {@code false} if not.
2483   *
2484   * @return  The created password policy state operation.
2485   *
2486   * @deprecated  Use {@link #createHasTOTPSharedSecretOperation} instead.
2487   */
2488  @Deprecated()
2489  @NotNull()
2490  public static PasswordPolicyStateOperation createHasTOTPSharedSecret()
2491  {
2492    return new PasswordPolicyStateOperation(OP_TYPE_HAS_TOTP_SHARED_SECRET);
2493  }
2494
2495
2496
2497  /**
2498   * Creates a new password policy state operation that may be used to determine
2499   * whether the user has at least one TOTP shared secret.  The result returned
2500   * should include an operation of type {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET}
2501   * with a single boolean value of {@code true} if the user has one or more
2502   * TOTP shared secrets, or {@code false} if not.
2503   *
2504   * @return  The created password policy state operation.
2505   */
2506  @NotNull()
2507  public static PasswordPolicyStateOperation
2508                     createHasTOTPSharedSecretOperation()
2509  {
2510    return new PasswordPolicyStateOperation(OP_TYPE_HAS_TOTP_SHARED_SECRET);
2511  }
2512
2513
2514
2515  /**
2516   * Creates a new password policy state operation that may be used to add one
2517   * or more values to the set of TOTP shared secrets for a user.  The result
2518   * returned should include an operation of type
2519   * {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} with a single boolean value of
2520   * {@code true} if the user has one or more TOTP shared secrets, or
2521   * {@code false} if not.
2522   *
2523   * @param  totpSharedSecrets  The base32-encoded representations of the TOTP
2524   *                            shared secrets to add to the user.  It must not
2525   *                            be {@code null} or empty.
2526   *
2527   * @return  The created password policy state operation.
2528   */
2529  @NotNull()
2530  public static PasswordPolicyStateOperation
2531                     createAddTOTPSharedSecretOperation(
2532                          @NotNull final String... totpSharedSecrets)
2533  {
2534    final ASN1OctetString[] values =
2535         new ASN1OctetString[totpSharedSecrets.length];
2536    for (int i=0; i < totpSharedSecrets.length; i++)
2537    {
2538      values[i] = new ASN1OctetString(totpSharedSecrets[i]);
2539    }
2540
2541    return new PasswordPolicyStateOperation(OP_TYPE_ADD_TOTP_SHARED_SECRET,
2542         values);
2543  }
2544
2545
2546
2547  /**
2548   * Creates a new password policy state operation that may be used to remove
2549   * one or more values from the set of TOTP shared secrets for a user.  The
2550   * result returned should include an operation of type
2551   * {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} with a single boolean value of
2552   * {@code true} if the user has one or more TOTP shared secrets, or
2553   * {@code false} if not.
2554   *
2555   * @param  totpSharedSecrets  The base32-encoded representations of the TOTP
2556   *                            shared secrets to remove from the user.  It must
2557   *                            not be {@code null} or empty.
2558   *
2559   * @return  The created password policy state operation.
2560   */
2561  @NotNull()
2562  public static PasswordPolicyStateOperation
2563                     createRemoveTOTPSharedSecretOperation(
2564                          @NotNull final String... totpSharedSecrets)
2565  {
2566    final ASN1OctetString[] values =
2567         new ASN1OctetString[totpSharedSecrets.length];
2568    for (int i=0; i < totpSharedSecrets.length; i++)
2569    {
2570      values[i] = new ASN1OctetString(totpSharedSecrets[i]);
2571    }
2572
2573    return new PasswordPolicyStateOperation(OP_TYPE_REMOVE_TOTP_SHARED_SECRET,
2574         values);
2575  }
2576
2577
2578
2579  /**
2580   * Creates a new password policy state operation that may be used to replace
2581   * the set of TOTP shared secrets for a user.  The result returned should
2582   * include an operation of type {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} with a
2583   * single boolean value of {@code true} if the user has one or more TOTP
2584   * shared secrets, or {@code false} if not.
2585   *
2586   * @param  totpSharedSecrets  The base32-encoded representations of the TOTP
2587   *                            shared secrets for the user.  It must not be
2588   *                            {@code null} but may be empty.
2589   *
2590   * @return  The created password policy state operation.
2591   */
2592  @NotNull()
2593  public static PasswordPolicyStateOperation
2594                     createSetTOTPSharedSecretsOperation(
2595                          @NotNull final String... totpSharedSecrets)
2596  {
2597    final ASN1OctetString[] values =
2598         new ASN1OctetString[totpSharedSecrets.length];
2599    for (int i=0; i < totpSharedSecrets.length; i++)
2600    {
2601      values[i] = new ASN1OctetString(totpSharedSecrets[i]);
2602    }
2603
2604    return new PasswordPolicyStateOperation(OP_TYPE_SET_TOTP_SHARED_SECRETS,
2605         values);
2606  }
2607
2608
2609
2610  /**
2611   * Creates a new password policy state operation that may be used to clear
2612   * the set of TOTP shared secrets for a user.  The result returned should
2613   * include an operation of type {@link #OP_TYPE_HAS_TOTP_SHARED_SECRET} with a
2614   * single boolean value of {@code true} if the user has one or more TOTP
2615   * shared secrets, or {@code false} if not.
2616   *
2617   * @return  The created password policy state operation.
2618   */
2619  @NotNull()
2620  public static PasswordPolicyStateOperation
2621                     createClearTOTPSharedSecretsOperation()
2622  {
2623    return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_TOTP_SHARED_SECRETS);
2624  }
2625
2626
2627
2628  /**
2629   * Creates a new password policy state operation that may be used to determine
2630   * whether the user has at least one registered YubiKey OTP device.  The
2631   * result returned should include an operation of type
2632   * {@link #OP_TYPE_HAS_REGISTERED_YUBIKEY_PUBLIC_ID}
2633   * with a single boolean value of {@code true} if the user has one or more
2634   * registered devices, or {@code false} if not.
2635   *
2636   * @return  The created password policy state operation.
2637   */
2638  @NotNull()
2639  public static PasswordPolicyStateOperation createHasYubiKeyPublicIDOperation()
2640  {
2641    return new PasswordPolicyStateOperation(
2642         OP_TYPE_HAS_REGISTERED_YUBIKEY_PUBLIC_ID);
2643  }
2644
2645
2646
2647  /**
2648   * Creates a new password policy state operation that may be used to retrieve
2649   * the public IDs of the YubiKey OTP devices registered for a user.  The
2650   * result returned should include an operation of type
2651   * {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with an array of string
2652   * values that represent the public IDs of the registered YubiKey OTP devices.
2653   *
2654   * @return  The created password policy state operation.
2655   */
2656  @NotNull()
2657  public static PasswordPolicyStateOperation
2658                     createGetRegisteredYubiKeyPublicIDsOperation()
2659  {
2660    return new PasswordPolicyStateOperation(
2661         OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS);
2662  }
2663
2664
2665
2666  /**
2667   * Creates a new password policy state operation that may be used to add one
2668   * or more values to the set of the public IDs of the YubiKey OTP devices
2669   * registered for a user.  The result returned should include an operation of
2670   * type {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with an array of
2671   * string values that represent the public IDs of the registered YubiKey OTP
2672   * devices.
2673   *
2674   * @param  publicIDs  The set of public IDs to add to the set of YubiKey OTP
2675   *                    devices registered for the user.  It must not be
2676   *                    {@code null} or empty.
2677   *
2678   * @return  The created password policy state operation.
2679   */
2680  @NotNull()
2681  public static PasswordPolicyStateOperation
2682                     createAddRegisteredYubiKeyPublicIDOperation(
2683                          @NotNull final String... publicIDs)
2684  {
2685    final ASN1OctetString[] values = new ASN1OctetString[publicIDs.length];
2686    for (int i=0; i < publicIDs.length; i++)
2687    {
2688      values[i] = new ASN1OctetString(publicIDs[i]);
2689    }
2690
2691    return new PasswordPolicyStateOperation(
2692         OP_TYPE_ADD_REGISTERED_YUBIKEY_PUBLIC_ID, values);
2693  }
2694
2695
2696
2697  /**
2698   * Creates a new password policy state operation that may be used to remove
2699   * one or more values from the set of the public IDs of the YubiKey OTP
2700   * devices registered for a user.  The result returned should include an
2701   * operation of type {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with
2702   * an array of string values that represent the public IDs of the registered
2703   * YubiKey OTP devices.
2704   *
2705   * @param  publicIDs  The set of public IDs to remove from the set of YubiKey
2706   *                    OTP devices registered for the user.  It must not be
2707   *                    {@code null} or empty.
2708   *
2709   * @return  The created password policy state operation.
2710   */
2711  @NotNull()
2712  public static PasswordPolicyStateOperation
2713                     createRemoveRegisteredYubiKeyPublicIDOperation(
2714                          @NotNull final String... publicIDs)
2715  {
2716    final ASN1OctetString[] values = new ASN1OctetString[publicIDs.length];
2717    for (int i=0; i < publicIDs.length; i++)
2718    {
2719      values[i] = new ASN1OctetString(publicIDs[i]);
2720    }
2721
2722    return new PasswordPolicyStateOperation(
2723         OP_TYPE_REMOVE_REGISTERED_YUBIKEY_PUBLIC_ID, values);
2724  }
2725
2726
2727
2728  /**
2729   * Creates a new password policy state operation that may be used to replace
2730   * the set of the public IDs of the YubiKey OTP devices registered for a user.
2731   * The result returned should include an operation of type
2732   * {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with an array of string
2733   * values that represent the public IDs of the registered YubiKey OTP devices.
2734   *
2735   * @param  publicIDs  The set of public IDs for the YubiKey OTP devices
2736   *                    registered for the user.  It must not be {@code null}
2737   *                    but may be empty.
2738   *
2739   * @return  The created password policy state operation.
2740   */
2741  @NotNull()
2742  public static PasswordPolicyStateOperation
2743                     createSetRegisteredYubiKeyPublicIDsOperation(
2744                          @NotNull final String... publicIDs)
2745  {
2746    final ASN1OctetString[] values = new ASN1OctetString[publicIDs.length];
2747    for (int i=0; i < publicIDs.length; i++)
2748    {
2749      values[i] = new ASN1OctetString(publicIDs[i]);
2750    }
2751
2752    return new PasswordPolicyStateOperation(
2753         OP_TYPE_SET_REGISTERED_YUBIKEY_PUBLIC_IDS, values);
2754  }
2755
2756
2757
2758  /**
2759   * Creates a new password policy state operation that may be used to clear
2760   * the set of the public IDs of the YubiKey OTP devices registered for a user.
2761   * The result returned should include an operation of type
2762   * {@link #OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS} with an array of string
2763   * values that represent the public IDs of the registered YubiKey OTP devices.
2764   *
2765   * @return  The created password policy state operation.
2766   */
2767  @NotNull()
2768  public static PasswordPolicyStateOperation
2769                     createClearRegisteredYubiKeyPublicIDsOperation()
2770  {
2771    return new PasswordPolicyStateOperation(
2772         OP_TYPE_CLEAR_REGISTERED_YUBIKEY_PUBLIC_IDS);
2773  }
2774
2775
2776
2777  /**
2778   * Creates a new password policy state operation that may be used to determine
2779   * whether the user has a static password.  The result should include an
2780   * operation of type {@link #OP_TYPE_HAS_STATIC_PASSWORD} with a single
2781   * boolean value of {@code true} if the user has a static password, or
2782   * {@code false} if not.
2783   *
2784   * @return  The created password policy state operation.
2785   */
2786  @NotNull()
2787  public static PasswordPolicyStateOperation createHasStaticPasswordOperation()
2788  {
2789    return new PasswordPolicyStateOperation(OP_TYPE_HAS_STATIC_PASSWORD);
2790  }
2791
2792
2793
2794  /**
2795   * Creates a new password policy state operation that may be used to retrieve
2796   * the time that the server last invoked password validators during a bind
2797   * operation for the target user.  The result should include an operation of
2798   * type {@link #OP_TYPE_GET_LAST_BIND_PASSWORD_VALIDATION_TIME} with a
2799   * single string value that is the generalized time representation of the last
2800   * bind password validation time, or a {@code null} value if the account does
2801   * not have a last bind password validation time.
2802   *
2803   * @return  The created password policy state operation.
2804   */
2805  @NotNull()
2806  public static PasswordPolicyStateOperation
2807                     createGetLastBindPasswordValidationTimeOperation()
2808  {
2809    return new PasswordPolicyStateOperation(
2810         OP_TYPE_GET_LAST_BIND_PASSWORD_VALIDATION_TIME);
2811  }
2812
2813
2814
2815  /**
2816   * Creates a new password policy state operation that may be used to determine
2817   * the length of time in seconds since the server last invoked password
2818   * validators during a bind operation for the target user.  The result should
2819   * include an operation of type
2820   * {@link #OP_TYPE_GET_SECONDS_SINCE_LAST_BIND_PASSWORD_VALIDATION} with a
2821   * single integer value representing the number of seconds since the last
2822   * bind password validation time, or a {@code null} value if the account does
2823   * not have a last bind password validation time.
2824   *
2825   * @return  The created password policy state operation.
2826   */
2827  @NotNull()
2828  public static PasswordPolicyStateOperation
2829                     createGetSecondsSinceLastBindPasswordValidationOperation()
2830  {
2831    return new PasswordPolicyStateOperation(
2832         OP_TYPE_GET_SECONDS_SINCE_LAST_BIND_PASSWORD_VALIDATION);
2833  }
2834
2835
2836
2837  /**
2838   * Creates a new password policy state operation that may be used to set the
2839   * time that the server last invoked password validators during a bind
2840   * operation for the target user.  The result returned should include an
2841   * operation of type {@link #OP_TYPE_GET_LAST_BIND_PASSWORD_VALIDATION_TIME}
2842   * with a  single string value that is the generalized time representation of
2843   * the last bind password validation time, or a {@code null} value if the
2844   * account does not have a last bind password validation time.
2845   *
2846   * @param  validationTime  The time that the server last invoke password
2847   *                         validators during a bind operation for the target
2848   *                         user.  It may be {@code null} if the server should
2849   *                         use the current time.
2850   *
2851   * @return The created password policy state operation.
2852   */
2853  @NotNull()
2854  public static PasswordPolicyStateOperation
2855                     createSetLastBindPasswordValidationTimeOperation(
2856                          @Nullable final Date validationTime)
2857  {
2858    return new PasswordPolicyStateOperation(
2859         OP_TYPE_SET_LAST_BIND_PASSWORD_VALIDATION_TIME,
2860         createValues(validationTime));
2861  }
2862
2863
2864
2865  /**
2866   * Creates a new password policy state operation that may be used to clear the
2867   * last bind password validation time in the user's entry.  The result
2868   * returned should include an operation of type
2869   * {@link #OP_TYPE_GET_LAST_BIND_PASSWORD_VALIDATION_TIME} with a single
2870   * string value that is the generalized time representation of the last bind
2871   * password validation time, or a {@code null} value if the account does not
2872   * have a last bind password validation time.
2873   *
2874   * @return  The created password policy state operation.
2875   */
2876  @NotNull()
2877  public static PasswordPolicyStateOperation
2878                     createClearLastBindPasswordValidationTimeOperation()
2879  {
2880    return new PasswordPolicyStateOperation(
2881                    OP_TYPE_CLEAR_LAST_BIND_PASSWORD_VALIDATION_TIME);
2882  }
2883
2884
2885
2886  /**
2887   * Creates a new password policy state operation that may be used to determine
2888   * whether an account has been locked because it contains a password that does
2889   * not satisfy all of the configured password validators.  The result returned
2890   * should include an operation of type
2891   * {@link #OP_TYPE_GET_ACCOUNT_IS_VALIDATION_LOCKED} with a single boolean
2892   * value that indicates whether the account is validation locked.
2893   *
2894   * @return  The created password policy state operation.
2895   */
2896  @NotNull()
2897  public static PasswordPolicyStateOperation
2898                     createGetAccountIsValidationLockedOperation()
2899  {
2900    return new PasswordPolicyStateOperation(
2901         OP_TYPE_GET_ACCOUNT_IS_VALIDATION_LOCKED);
2902  }
2903
2904
2905
2906  /**
2907   * Creates a new password policy state operation that may be used to specify
2908   * whether an account should be locked because it contains a password that
2909   * does not satisfy all of the configured password validators.  The result
2910   * authentication attempts.  The result returned should include an operation
2911   * of type {@link #OP_TYPE_SET_ACCOUNT_IS_VALIDATION_LOCKED} with a single
2912   * boolean value that indicates whether the account is validation locked.
2913   *
2914   * @param  isValidationLocked  Indicates whether the account should be locked
2915   *                             because it contains a password that does not
2916   *                             satisfy all of the configured password
2917   *                             validators.
2918   *
2919   * @return  The created password policy state operation.
2920   */
2921  @NotNull()
2922  public static PasswordPolicyStateOperation
2923                     createSetAccountIsValidationLockedOperation(
2924                          final boolean isValidationLocked)
2925  {
2926    final ASN1OctetString[] values =
2927    {
2928      new ASN1OctetString(String.valueOf(isValidationLocked))
2929    };
2930
2931    return new PasswordPolicyStateOperation(
2932         OP_TYPE_SET_ACCOUNT_IS_VALIDATION_LOCKED, values);
2933  }
2934
2935
2936
2937  /**
2938   * Creates a new password policy state operation that may be used to retrieve
2939   * the recent login history for a user.  The result returned should include an
2940   * operation of type {@link #OP_TYPE_GET_RECENT_LOGIN_HISTORY} with a single
2941   * string value that is a JSON object that represents the user's recent login
2942   * history/
2943   *
2944   * @return  The created password policy state operation.
2945   */
2946  @NotNull()
2947  public static PasswordPolicyStateOperation
2948                     createGetRecentLoginHistoryOperation()
2949  {
2950    return new PasswordPolicyStateOperation(OP_TYPE_GET_RECENT_LOGIN_HISTORY);
2951  }
2952
2953
2954
2955  /**
2956   * Creates a new password policy state operation that may be used to clear
2957   * the recent login history for a user.  The result returned should include an
2958   * operation of type {@link #OP_TYPE_GET_RECENT_LOGIN_HISTORY} with a single
2959   * string value that is a JSON object that represents the user's recent login
2960   * history/
2961   *
2962   * @return  The created password policy state operation.
2963   */
2964  @NotNull()
2965  public static PasswordPolicyStateOperation
2966                     createClearRecentLoginHistoryOperation()
2967  {
2968    return new PasswordPolicyStateOperation(OP_TYPE_CLEAR_RECENT_LOGIN_HISTORY);
2969  }
2970
2971
2972
2973  /**
2974   * Retrieves the operation type for this password policy state operation.
2975   *
2976   * @return  The operation type for this password policy state operation.
2977   */
2978  public int getOperationType()
2979  {
2980    return opType;
2981  }
2982
2983
2984
2985  /**
2986   * Retrieves the set of raw values for this password policy state operation.
2987   *
2988   * @return  The set of raw values for this password policy state operation.
2989   */
2990  @NotNull()
2991  public ASN1OctetString[] getRawValues()
2992  {
2993    return values;
2994  }
2995
2996
2997
2998  /**
2999   * Retrieves the string representation of the value for this password policy
3000   * state operation.  If there are multiple values, then the first will be
3001   * returned.
3002   *
3003   * @return  The string representation of the value for this password policy
3004   *          state operation, or {@code null} if there are no values.
3005   */
3006  @Nullable()
3007  public String getStringValue()
3008  {
3009    if (values.length == 0)
3010    {
3011      return null;
3012    }
3013    else
3014    {
3015      return values[0].stringValue();
3016    }
3017  }
3018
3019
3020
3021  /**
3022   * Retrieves the string representations of the values for this password policy
3023   * state operation.
3024   *
3025   * @return  The string representations of the values for this password policy
3026   *          state operation.
3027   */
3028  @NotNull()
3029  public String[] getStringValues()
3030  {
3031    final String[] stringValues = new String[values.length];
3032    for (int i=0; i < values.length; i++)
3033    {
3034      stringValues[i] = values[i].stringValue();
3035    }
3036
3037    return stringValues;
3038  }
3039
3040
3041
3042  /**
3043   * Retrieves the boolean representation of the value for this password policy
3044   * state operation.
3045   *
3046   * @return  The boolean representation of the value for this password policy
3047   *          state operation.
3048   *
3049   * @throws  IllegalStateException  If this operation does not have exactly one
3050   *                                 value, or if the value cannot be decoded as
3051   *                                 a boolean value.
3052   */
3053  public boolean getBooleanValue()
3054         throws IllegalStateException
3055  {
3056    if (values.length != 1)
3057    {
3058      throw new IllegalStateException(
3059           ERR_PWP_STATE_INVALID_BOOLEAN_VALUE_COUNT.get(values.length));
3060    }
3061
3062    final String valueString = StaticUtils.toLowerCase(values[0].stringValue());
3063    if (valueString.equals("true"))
3064    {
3065      return true;
3066    }
3067    else if (valueString.equals("false"))
3068    {
3069      return false;
3070    }
3071    else
3072    {
3073      throw new IllegalStateException(
3074           ERR_PWP_STATE_VALUE_NOT_BOOLEAN.get(values[0].stringValue()));
3075    }
3076  }
3077
3078
3079
3080  /**
3081   * Retrieves the integer representation of the value for this password policy
3082   * state operation.  If there are multiple values, then the first will be
3083   * returned.
3084   *
3085   * @return  The integer representation of the value for this password policy
3086   *          operation.
3087   *
3088   * @throws  IllegalStateException  If this operation does not have any values.
3089   *
3090   * @throws  NumberFormatException  If the value cannot be parsed as an
3091   *                                 integer.
3092   */
3093  public int getIntValue()
3094         throws IllegalStateException, NumberFormatException
3095  {
3096    if (values.length == 0)
3097    {
3098      throw new IllegalStateException(ERR_PWP_STATE_NO_VALUES.get());
3099    }
3100
3101    return Integer.parseInt(values[0].stringValue());
3102  }
3103
3104
3105
3106  /**
3107   * Retrieves the {@code Date} object represented by the value for this
3108   * password policy state operation treated as a timestamp in generalized time
3109   * form.  If there are multiple values, then the first will be returned.
3110   *
3111   * @return  The {@code Date} object represented by the value for this password
3112   *          policy state operation treated as a timestamp in generalized time
3113   *          form, or {@code null} if this operation does not have any values.
3114   *
3115   * @throws  ParseException  If the value cannot be decoded as a timestamp in
3116   *                          generalized time form.
3117   */
3118  @Nullable()
3119  public Date getGeneralizedTimeValue()
3120         throws ParseException
3121  {
3122    if (values.length == 0)
3123    {
3124      return null;
3125    }
3126
3127    return StaticUtils.decodeGeneralizedTime(values[0].stringValue());
3128  }
3129
3130
3131
3132  /**
3133   * Retrieves the {@code Date} objects represented by the values for this
3134   * password policy state operation treated as timestamps in generalized time
3135   * form.
3136   *
3137   * @return  The {@code Date} objects represented by the values for this
3138   *          password policy state operation treated as timestamps in
3139   *          generalized time form.
3140   *
3141   * @throws  ParseException  If any of the values cannot be decoded as a
3142   *                          timestamp in generalized time form.
3143   */
3144  @NotNull()
3145  public Date[] getGeneralizedTimeValues()
3146         throws ParseException
3147  {
3148    final Date[] dateValues = new Date[values.length];
3149    for (int i=0; i < values.length; i++)
3150    {
3151      dateValues[i] =
3152           StaticUtils.decodeGeneralizedTime(values[i].stringValue());
3153    }
3154
3155    return dateValues;
3156  }
3157
3158
3159
3160  /**
3161   * Creates an array of ASN.1 octet strings with the provided set of values.
3162   *
3163   * @param  dates  The dates from which to create the values.  It may be
3164   *                {@code null} or empty if there should be no values.
3165   *
3166   * @return  The array of ASN.1 octet strings.
3167   */
3168  @NotNull()
3169  private static ASN1OctetString[] createValues(@Nullable final Date... dates)
3170  {
3171    if ((dates == null) || (dates.length == 0))
3172    {
3173      return NO_VALUES;
3174    }
3175
3176    final ArrayList<ASN1OctetString> valueList =
3177         new ArrayList<ASN1OctetString>(dates.length);
3178    for (final Date d : dates)
3179    {
3180      if (d != null)
3181      {
3182        valueList.add(new ASN1OctetString(
3183             StaticUtils.encodeGeneralizedTime(d)));
3184      }
3185    }
3186
3187    return valueList.toArray(NO_VALUES);
3188  }
3189
3190
3191
3192  /**
3193   * Encodes this password policy state operation for use in the extended
3194   * request or response.
3195   *
3196   * @return  An ASN.1 element containing an encoded representation of this
3197   *          password policy state operation.
3198   */
3199  @NotNull()
3200  public ASN1Element encode()
3201  {
3202    final ASN1Element[] elements;
3203    if (values.length > 0)
3204    {
3205      elements = new ASN1Element[]
3206      {
3207        new ASN1Enumerated(opType),
3208        new ASN1Sequence(values)
3209      };
3210    }
3211    else
3212    {
3213      elements = new ASN1Element[]
3214      {
3215        new ASN1Enumerated(opType),
3216      };
3217    }
3218
3219    return new ASN1Sequence(elements);
3220  }
3221
3222
3223
3224  /**
3225   * Decodes the provided ASN.1 element as a password policy state operation.
3226   *
3227   * @param  element  The ASN.1 element to be decoded.
3228   *
3229   * @return  The decoded password policy state operation.
3230   *
3231   * @throws  LDAPException  If a problem occurs while attempting to decode the
3232   *                         provided ASN.1 element as a password policy state
3233   *                         operation.
3234   */
3235  @NotNull()
3236  public static PasswordPolicyStateOperation decode(
3237                     @NotNull final ASN1Element element)
3238         throws LDAPException
3239  {
3240    final ASN1Element[] elements;
3241    try
3242    {
3243      elements = ASN1Sequence.decodeAsSequence(element).elements();
3244    }
3245    catch (final Exception e)
3246    {
3247      Debug.debugException(e);
3248      throw new LDAPException(ResultCode.DECODING_ERROR,
3249           ERR_PWP_STATE_ELEMENT_NOT_SEQUENCE.get(e), e);
3250    }
3251
3252    if ((elements.length < 1) || (elements.length > 2))
3253    {
3254      throw new LDAPException(ResultCode.DECODING_ERROR,
3255                              ERR_PWP_STATE_INVALID_ELEMENT_COUNT.get(
3256                                   elements.length));
3257    }
3258
3259    final int opType;
3260    try
3261    {
3262      opType = ASN1Enumerated.decodeAsEnumerated(elements[0]).intValue();
3263    }
3264    catch (final Exception e)
3265    {
3266      Debug.debugException(e);
3267      throw new LDAPException(ResultCode.DECODING_ERROR,
3268           ERR_PWP_STATE_OP_TYPE_NOT_INTEGER.get(e), e);
3269    }
3270
3271    final ASN1OctetString[] values;
3272    if (elements.length == 2)
3273    {
3274      try
3275      {
3276        final ASN1Element[] valueElements =
3277             ASN1Sequence.decodeAsSequence(elements[1]).elements();
3278        values = new ASN1OctetString[valueElements.length];
3279        for (int i=0; i < valueElements.length; i++)
3280        {
3281          values[i] = ASN1OctetString.decodeAsOctetString(valueElements[i]);
3282        }
3283      }
3284      catch (final Exception e)
3285      {
3286        Debug.debugException(e);
3287        throw new LDAPException(ResultCode.DECODING_ERROR,
3288             ERR_PWP_STATE_CANNOT_DECODE_VALUES.get(e), e);
3289      }
3290    }
3291    else
3292    {
3293      values = NO_VALUES;
3294    }
3295
3296    return new PasswordPolicyStateOperation(opType, values);
3297  }
3298
3299
3300
3301  /**
3302   * Retrieves a string representation of this password policy state operation.
3303   *
3304   * @return  A string representation of this password policy state operation.
3305   */
3306  @Override()
3307  @NotNull()
3308  public String toString()
3309  {
3310    final StringBuilder buffer = new StringBuilder();
3311    toString(buffer);
3312    return buffer.toString();
3313  }
3314
3315
3316
3317  /**
3318   * Appends a string representation of this password policy state operation to
3319   * the provided buffer.
3320   *
3321   * @param  buffer  The buffer to which the information should be appended.
3322   */
3323  public void toString(@NotNull final StringBuilder buffer)
3324  {
3325    buffer.append("PasswordPolicyStateOperation(opType=");
3326    buffer.append(opType);
3327
3328    if (values.length > 0)
3329    {
3330      buffer.append(", values={");
3331      for (int i=0; i < values.length; i++)
3332      {
3333        if (i > 0)
3334        {
3335          buffer.append(", ");
3336        }
3337
3338        buffer.append('\'');
3339        buffer.append(values[i].stringValue());
3340        buffer.append('\'');
3341      }
3342      buffer.append('}');
3343    }
3344
3345    buffer.append(')');
3346  }
3347}