package org.opends.server.core;

import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.SortedSet;
import java.util.TimeZone;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.CopyOnWriteArraySet;
import org.opends.messages.CoreMessages;
import org.opends.server.admin.std.meta.PasswordPolicyCfgDefn;
import org.opends.server.admin.std.server.PasswordPolicyCfg;
import org.opends.server.admin.std.server.PasswordValidatorCfg;
import org.opends.server.api.AccountStatusNotificationHandler;
import org.opends.server.api.PasswordGenerator;
import org.opends.server.api.PasswordStorageScheme;
import org.opends.server.api.PasswordValidator;
import org.opends.server.config.ConfigConstants;
import org.opends.server.config.ConfigException;
import org.opends.server.loggers.debug.DebugLogger;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.protocols.asn1.ASN1OctetString;
import org.opends.server.schema.GeneralizedTimeSyntax;
import org.opends.server.schema.SchemaConstants;
import org.opends.server.types.AttributeType;
import org.opends.server.types.DN;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.InitializationException;
import org.opends.server.util.ServerConstants;
import org.opends.server.util.StaticUtils;

/* loaded from: input_file:org/opends/server/core/PasswordPolicy.class */
public class PasswordPolicy {
    private static final DebugTracer TRACER = DebugLogger.getTracer();
    private final DN configEntryDN;
    private final AttributeType passwordAttribute;
    private final boolean authPasswordSyntax;
    private boolean allowExpiredPasswordChanges;
    private boolean allowMultiplePasswordValues;
    private boolean allowPreEncodedPasswords;
    private boolean allowUserPasswordChanges;
    private boolean expirePasswordsWithoutWarning;
    private boolean forceChangeOnAdd;
    private boolean forceChangeOnReset;
    private boolean requireCurrentPassword;
    private boolean requireSecureAuthentication;
    private boolean requireSecurePasswordChanges;
    private boolean skipValidationForAdministrators;
    private ConcurrentHashMap<DN, AccountStatusNotificationHandler> notificationHandlers;
    private ConcurrentHashMap<DN, PasswordValidator<? extends PasswordValidatorCfg>> passwordValidators;
    private CopyOnWriteArrayList<PasswordStorageScheme> defaultStorageSchemes;
    private CopyOnWriteArraySet<String> deprecatedStorageSchemes;
    private DN passwordGeneratorDN;
    private PasswordGenerator passwordGenerator;
    private int graceLoginCount;
    private int historyCount;
    private int historyDuration;
    private int idleLockoutInterval;
    private int lockoutDuration;
    private int lockoutFailureCount;
    private int lockoutFailureExpirationInterval;
    private int maximumPasswordAge;
    private int maximumPasswordResetAge;
    private int minimumPasswordAge;
    private int warningInterval;
    private long requireChangeByTime;
    private AttributeType lastLoginTimeAttribute;
    private String lastLoginTimeFormat;
    private CopyOnWriteArrayList<String> previousLastLoginTimeFormats;
    private PasswordPolicyCfgDefn.StateUpdateFailurePolicy stateUpdateFailurePolicy;

    public PasswordPolicy(PasswordPolicyCfg passwordPolicyCfg) throws ConfigException, InitializationException {
        this.allowExpiredPasswordChanges = false;
        this.allowMultiplePasswordValues = false;
        this.allowPreEncodedPasswords = false;
        this.allowUserPasswordChanges = true;
        this.expirePasswordsWithoutWarning = false;
        this.forceChangeOnAdd = false;
        this.forceChangeOnReset = false;
        this.requireCurrentPassword = false;
        this.requireSecureAuthentication = false;
        this.requireSecurePasswordChanges = false;
        this.skipValidationForAdministrators = false;
        this.notificationHandlers = new ConcurrentHashMap<>();
        this.passwordValidators = new ConcurrentHashMap<>();
        this.defaultStorageSchemes = new CopyOnWriteArrayList<>();
        PasswordStorageScheme passwordStorageScheme = DirectoryServer.getPasswordStorageScheme("SSHA");
        if (passwordStorageScheme != null) {
            this.defaultStorageSchemes.add(passwordStorageScheme);
        }
        this.deprecatedStorageSchemes = new CopyOnWriteArraySet<>();
        this.passwordGeneratorDN = null;
        this.passwordGenerator = null;
        this.graceLoginCount = 0;
        this.historyCount = 0;
        this.historyDuration = 0;
        this.idleLockoutInterval = 0;
        this.lockoutDuration = 0;
        this.lockoutFailureCount = 0;
        this.lockoutFailureExpirationInterval = 0;
        this.maximumPasswordAge = 0;
        this.maximumPasswordResetAge = 0;
        this.minimumPasswordAge = 0;
        this.warningInterval = ConfigConstants.DEFAULT_PWPOLICY_WARNING_INTERVAL;
        this.requireChangeByTime = -1L;
        this.lastLoginTimeAttribute = null;
        this.lastLoginTimeFormat = null;
        this.previousLastLoginTimeFormats = new CopyOnWriteArrayList<>();
        this.stateUpdateFailurePolicy = PasswordPolicyCfgDefn.StateUpdateFailurePolicy.REACTIVE;
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(ServerConstants.TIME_UNIT_SECONDS_ABBR, Double.valueOf(1.0d));
        linkedHashMap.put(ServerConstants.TIME_UNIT_SECONDS_FULL, Double.valueOf(1.0d));
        linkedHashMap.put(ServerConstants.TIME_UNIT_MINUTES_ABBR, Double.valueOf(60.0d));
        linkedHashMap.put(ServerConstants.TIME_UNIT_MINUTES_FULL, Double.valueOf(60.0d));
        linkedHashMap.put(ServerConstants.TIME_UNIT_HOURS_ABBR, Double.valueOf(3600.0d));
        linkedHashMap.put(ServerConstants.TIME_UNIT_HOURS_FULL, Double.valueOf(3600.0d));
        linkedHashMap.put(ServerConstants.TIME_UNIT_DAYS_ABBR, Double.valueOf(86400.0d));
        linkedHashMap.put(ServerConstants.TIME_UNIT_DAYS_FULL, Double.valueOf(86400.0d));
        linkedHashMap.put(ServerConstants.TIME_UNIT_WEEKS_ABBR, Double.valueOf(604800.0d));
        linkedHashMap.put(ServerConstants.TIME_UNIT_WEEKS_FULL, Double.valueOf(604800.0d));
        this.configEntryDN = passwordPolicyCfg.dn();
        this.passwordAttribute = passwordPolicyCfg.getPasswordAttribute();
        String syntaxOID = this.passwordAttribute.getSyntaxOID();
        if (syntaxOID.equals(SchemaConstants.SYNTAX_AUTH_PASSWORD_OID)) {
            this.authPasswordSyntax = true;
        } else {
            if (!syntaxOID.equals(SchemaConstants.SYNTAX_USER_PASSWORD_OID)) {
                String syntaxName = this.passwordAttribute.getSyntax().getSyntaxName();
                throw new ConfigException(CoreMessages.ERR_PWPOLICY_INVALID_PASSWORD_ATTRIBUTE_SYNTAX.get(String.valueOf(this.configEntryDN), this.passwordAttribute.getNameOrOID(), String.valueOf((syntaxName == null || syntaxName.length() == 0) ? syntaxOID : syntaxName)));
            }
            this.authPasswordSyntax = false;
        }
        SortedSet<DN> defaultPasswordStorageSchemeDN = passwordPolicyCfg.getDefaultPasswordStorageSchemeDN();
        try {
            if (defaultPasswordStorageSchemeDN == null) {
                throw new ConfigException(CoreMessages.ERR_PWPOLICY_NO_DEFAULT_STORAGE_SCHEMES.get(String.valueOf(this.configEntryDN)));
            }
            LinkedList linkedList = new LinkedList();
            for (DN dn : defaultPasswordStorageSchemeDN) {
                PasswordStorageScheme passwordStorageScheme2 = DirectoryServer.getPasswordStorageScheme(dn);
                if (passwordStorageScheme2 == null) {
                    throw new ConfigException(CoreMessages.ERR_PWPOLICY_NO_SUCH_DEFAULT_SCHEME.get(String.valueOf(dn), String.valueOf(dn)));
                }
                if (this.authPasswordSyntax && !passwordStorageScheme2.supportsAuthPasswordSyntax()) {
                    throw new ConfigException(CoreMessages.ERR_PWPOLICY_SCHEME_DOESNT_SUPPORT_AUTH.get(String.valueOf(dn), this.passwordAttribute.getNameOrOID()));
                }
                linkedList.add(passwordStorageScheme2);
            }
            this.defaultStorageSchemes = new CopyOnWriteArrayList<>(linkedList);
            SortedSet<DN> deprecatedPasswordStorageSchemeDN = passwordPolicyCfg.getDeprecatedPasswordStorageSchemeDN();
            if (deprecatedPasswordStorageSchemeDN != null) {
                try {
                    LinkedHashSet linkedHashSet = new LinkedHashSet();
                    for (DN dn2 : deprecatedPasswordStorageSchemeDN) {
                        PasswordStorageScheme passwordStorageScheme3 = DirectoryServer.getPasswordStorageScheme(dn2);
                        if (passwordStorageScheme3 == null) {
                            throw new ConfigException(CoreMessages.ERR_PWPOLICY_NO_SUCH_DEPRECATED_SCHEME.get(String.valueOf(this.configEntryDN), String.valueOf(dn2)));
                        }
                        if (!this.authPasswordSyntax) {
                            linkedHashSet.add(StaticUtils.toLowerCase(passwordStorageScheme3.getStorageSchemeName()));
                        } else {
                            if (!passwordStorageScheme3.supportsAuthPasswordSyntax()) {
                                throw new ConfigException(CoreMessages.ERR_PWPOLICY_DEPRECATED_SCHEME_NOT_AUTH.get(String.valueOf(this.configEntryDN), String.valueOf(dn2)));
                            }
                            linkedHashSet.add(passwordStorageScheme3.getAuthPasswordSchemeName());
                        }
                    }
                    this.deprecatedStorageSchemes = new CopyOnWriteArraySet<>(linkedHashSet);
                } catch (Exception e) {
                    if (DebugLogger.debugEnabled()) {
                        TRACER.debugCaught(DebugLogLevel.ERROR, e);
                    }
                    throw new InitializationException(CoreMessages.ERR_PWPOLICY_CANNOT_DETERMINE_DEPRECATED_STORAGE_SCHEMES.get(String.valueOf(this.configEntryDN), StaticUtils.getExceptionMessage(e)), e);
                }
            }
            SortedSet<DN> passwordValidatorDN = passwordPolicyCfg.getPasswordValidatorDN();
            if (passwordValidatorDN != null) {
                try {
                    ConcurrentHashMap<DN, PasswordValidator<? extends PasswordValidatorCfg>> concurrentHashMap = new ConcurrentHashMap<>();
                    for (DN dn3 : passwordValidatorDN) {
                        PasswordValidator<? extends PasswordValidatorCfg> passwordValidator = DirectoryServer.getPasswordValidator(dn3);
                        if (passwordValidator == null) {
                            throw new ConfigException(CoreMessages.ERR_PWPOLICY_NO_SUCH_VALIDATOR.get(String.valueOf(this.configEntryDN), String.valueOf(dn3)));
                        }
                        concurrentHashMap.put(dn3, passwordValidator);
                    }
                    this.passwordValidators = concurrentHashMap;
                } catch (ConfigException e2) {
                    throw e2;
                } catch (Exception e3) {
                    if (DebugLogger.debugEnabled()) {
                        TRACER.debugCaught(DebugLogLevel.ERROR, e3);
                    }
                    throw new InitializationException(CoreMessages.ERR_PWPOLICY_CANNOT_DETERMINE_PASSWORD_VALIDATORS.get(String.valueOf(this.configEntryDN), StaticUtils.getExceptionMessage(e3)), e3);
                }
            }
            SortedSet<DN> accountStatusNotificationHandlerDN = passwordPolicyCfg.getAccountStatusNotificationHandlerDN();
            if (accountStatusNotificationHandlerDN != null) {
                try {
                    ConcurrentHashMap<DN, AccountStatusNotificationHandler> concurrentHashMap2 = new ConcurrentHashMap<>();
                    for (DN dn4 : accountStatusNotificationHandlerDN) {
                        AccountStatusNotificationHandler accountStatusNotificationHandler = DirectoryServer.getAccountStatusNotificationHandler(dn4);
                        if (accountStatusNotificationHandler == null) {
                            throw new ConfigException(CoreMessages.ERR_PWPOLICY_NO_SUCH_NOTIFICATION_HANDLER.get(String.valueOf(this.configEntryDN), String.valueOf(dn4)));
                        }
                        concurrentHashMap2.put(dn4, accountStatusNotificationHandler);
                    }
                    this.notificationHandlers = concurrentHashMap2;
                } catch (ConfigException e4) {
                    throw e4;
                } catch (Exception e5) {
                    if (DebugLogger.debugEnabled()) {
                        TRACER.debugCaught(DebugLogLevel.ERROR, e5);
                    }
                    throw new InitializationException(CoreMessages.ERR_PWPOLICY_CANNOT_DETERMINE_NOTIFICATION_HANDLERS.get(String.valueOf(this.configEntryDN), StaticUtils.getExceptionMessage(e5)), e5);
                }
            }
            this.allowUserPasswordChanges = passwordPolicyCfg.isAllowUserPasswordChanges();
            this.requireCurrentPassword = passwordPolicyCfg.isPasswordChangeRequiresCurrentPassword();
            this.forceChangeOnAdd = passwordPolicyCfg.isForceChangeOnAdd();
            this.forceChangeOnReset = passwordPolicyCfg.isForceChangeOnReset();
            this.skipValidationForAdministrators = passwordPolicyCfg.isSkipValidationForAdministrators();
            DN passwordGeneratorDN = passwordPolicyCfg.getPasswordGeneratorDN();
            if (passwordGeneratorDN != null) {
                try {
                    PasswordGenerator passwordGenerator = DirectoryServer.getPasswordGenerator(passwordGeneratorDN);
                    if (passwordGenerator == null) {
                        throw new ConfigException(CoreMessages.ERR_PWPOLICY_NO_SUCH_GENERATOR.get(String.valueOf(this.configEntryDN), String.valueOf(passwordGeneratorDN)));
                    }
                    this.passwordGeneratorDN = passwordGeneratorDN;
                    this.passwordGenerator = passwordGenerator;
                } catch (ConfigException e6) {
                    throw e6;
                } catch (Exception e7) {
                    if (DebugLogger.debugEnabled()) {
                        TRACER.debugCaught(DebugLogLevel.ERROR, e7);
                    }
                    throw new InitializationException(CoreMessages.ERR_PWPOLICY_CANNOT_DETERMINE_PASSWORD_GENERATOR.get(String.valueOf(this.configEntryDN), StaticUtils.getExceptionMessage(e7)), e7);
                }
            }
            this.requireSecureAuthentication = passwordPolicyCfg.isRequireSecureAuthentication();
            this.requireSecurePasswordChanges = passwordPolicyCfg.isRequireSecurePasswordChanges();
            this.allowMultiplePasswordValues = passwordPolicyCfg.isAllowMultiplePasswordValues();
            this.allowPreEncodedPasswords = passwordPolicyCfg.isAllowPreEncodedPasswords();
            this.minimumPasswordAge = (int) passwordPolicyCfg.getMinimumPasswordAge();
            this.maximumPasswordAge = (int) passwordPolicyCfg.getMaximumPasswordAge();
            this.maximumPasswordResetAge = (int) passwordPolicyCfg.getMaximumPasswordResetAge();
            this.warningInterval = (int) passwordPolicyCfg.getPasswordExpirationWarningInterval();
            this.expirePasswordsWithoutWarning = passwordPolicyCfg.isExpirePasswordsWithoutWarning();
            if (!expirePasswordsWithoutWarning() && getWarningInterval() <= 0) {
                throw new ConfigException(CoreMessages.ERR_PWPOLICY_MUST_HAVE_WARNING_IF_NOT_EXPIRE_WITHOUT_WARNING.get(String.valueOf(this.configEntryDN)));
            }
            this.allowExpiredPasswordChanges = passwordPolicyCfg.isAllowExpiredPasswordChanges();
            this.graceLoginCount = passwordPolicyCfg.getGraceLoginCount();
            this.lockoutFailureCount = passwordPolicyCfg.getLockoutFailureCount();
            this.lockoutDuration = (int) passwordPolicyCfg.getLockoutDuration();
            this.lockoutFailureExpirationInterval = (int) passwordPolicyCfg.getLockoutFailureExpirationInterval();
            String requireChangeByTime = passwordPolicyCfg.getRequireChangeByTime();
            if (requireChangeByTime != null) {
                try {
                    ASN1OctetString aSN1OctetString = new ASN1OctetString(requireChangeByTime);
                    GeneralizedTimeSyntax generalizedTimeSyntax = (GeneralizedTimeSyntax) DirectoryServer.getAttributeSyntax(SchemaConstants.SYNTAX_GENERALIZED_TIME_OID, false);
                    if (generalizedTimeSyntax == null) {
                        this.requireChangeByTime = GeneralizedTimeSyntax.decodeGeneralizedTimeValue(aSN1OctetString);
                    } else {
                        this.requireChangeByTime = GeneralizedTimeSyntax.decodeGeneralizedTimeValue(generalizedTimeSyntax.getEqualityMatchingRule().normalizeValue(aSN1OctetString));
                    }
                } catch (Exception e8) {
                    if (DebugLogger.debugEnabled()) {
                        TRACER.debugCaught(DebugLogLevel.ERROR, e8);
                    }
                    throw new InitializationException(CoreMessages.ERR_PWPOLICY_CANNOT_DETERMINE_REQUIRE_CHANGE_BY_TIME.get(String.valueOf(this.configEntryDN), StaticUtils.getExceptionMessage(e8)), e8);
                }
            }
            this.lastLoginTimeAttribute = passwordPolicyCfg.getLastLoginTimeAttribute();
            String lastLoginTimeFormat = passwordPolicyCfg.getLastLoginTimeFormat();
            if (lastLoginTimeFormat != null) {
                try {
                    try {
                        new SimpleDateFormat(lastLoginTimeFormat);
                        this.lastLoginTimeFormat = lastLoginTimeFormat;
                    } catch (Exception e9) {
                        if (DebugLogger.debugEnabled()) {
                            TRACER.debugCaught(DebugLogLevel.ERROR, e9);
                        }
                        throw new ConfigException(CoreMessages.ERR_PWPOLICY_INVALID_LAST_LOGIN_TIME_FORMAT.get(String.valueOf(this.configEntryDN), String.valueOf(lastLoginTimeFormat)));
                    }
                } catch (ConfigException e10) {
                    throw e10;
                } catch (Exception e11) {
                    if (DebugLogger.debugEnabled()) {
                        TRACER.debugCaught(DebugLogLevel.ERROR, e11);
                    }
                    throw new InitializationException(CoreMessages.ERR_PWPOLICY_CANNOT_DETERMINE_LAST_LOGIN_TIME_FORMAT.get(String.valueOf(this.configEntryDN), StaticUtils.getExceptionMessage(e11)), e11);
                }
            }
            SortedSet<String> previousLastLoginTimeFormat = passwordPolicyCfg.getPreviousLastLoginTimeFormat();
            if (previousLastLoginTimeFormat != null) {
                try {
                    for (String str : previousLastLoginTimeFormat) {
                        try {
                            new SimpleDateFormat(str);
                        } catch (Exception e12) {
                            if (DebugLogger.debugEnabled()) {
                                TRACER.debugCaught(DebugLogLevel.ERROR, e12);
                            }
                            throw new ConfigException(CoreMessages.ERR_PWPOLICY_INVALID_PREVIOUS_LAST_LOGIN_TIME_FORMAT.get(String.valueOf(this.configEntryDN), String.valueOf(str)));
                        }
                    }
                    this.previousLastLoginTimeFormats = new CopyOnWriteArrayList<>(previousLastLoginTimeFormat);
                } catch (ConfigException e13) {
                    throw e13;
                } catch (Exception e14) {
                    if (DebugLogger.debugEnabled()) {
                        TRACER.debugCaught(DebugLogLevel.ERROR, e14);
                    }
                    throw new InitializationException(CoreMessages.ERR_PWPOLICY_CANNOT_DETERMINE_PREVIOUS_LAST_LOGIN_TIME_FORMAT.get(String.valueOf(this.configEntryDN), StaticUtils.getExceptionMessage(e14)), e14);
                }
            }
            this.idleLockoutInterval = (int) passwordPolicyCfg.getIdleLockoutInterval();
            this.stateUpdateFailurePolicy = passwordPolicyCfg.getStateUpdateFailurePolicy();
            this.historyCount = passwordPolicyCfg.getPasswordHistoryCount();
            this.historyDuration = (int) passwordPolicyCfg.getPasswordHistoryDuration();
            if (this.passwordAttribute == null) {
                throw new ConfigException(CoreMessages.ERR_PWPOLICY_NO_PASSWORD_ATTRIBUTE.get(String.valueOf(this.configEntryDN)));
            }
            if (this.defaultStorageSchemes.isEmpty()) {
                throw new ConfigException(CoreMessages.ERR_PWPOLICY_NO_DEFAULT_STORAGE_SCHEMES.get(String.valueOf(this.configEntryDN)));
            }
            if (this.maximumPasswordAge > 0) {
                int max = Math.max(0, this.warningInterval);
                if (this.minimumPasswordAge > 0) {
                    if (max + this.minimumPasswordAge >= this.maximumPasswordAge) {
                        throw new ConfigException(CoreMessages.ERR_PWPOLICY_MIN_AGE_PLUS_WARNING_GREATER_THAN_MAX_AGE.get(String.valueOf(this.configEntryDN)));
                    }
                } else if (max >= this.maximumPasswordAge) {
                    throw new ConfigException(CoreMessages.ERR_PWPOLICY_WARNING_INTERVAL_LARGER_THAN_MAX_AGE.get(String.valueOf(this.configEntryDN)));
                }
            }
        } catch (ConfigException e15) {
            throw e15;
        } catch (Exception e16) {
            if (DebugLogger.debugEnabled()) {
                TRACER.debugCaught(DebugLogLevel.ERROR, e16);
            }
            throw new InitializationException(CoreMessages.ERR_PWPOLICY_CANNOT_DETERMINE_DEFAULT_STORAGE_SCHEMES.get(String.valueOf(this.configEntryDN), StaticUtils.getExceptionMessage(e16)), e16);
        }
    }

    public DN getConfigEntryDN() {
        return this.configEntryDN;
    }

    public AttributeType getPasswordAttribute() {
        return this.passwordAttribute;
    }

    public boolean usesAuthPasswordSyntax() {
        return this.authPasswordSyntax;
    }

    public CopyOnWriteArrayList<PasswordStorageScheme> getDefaultStorageSchemes() {
        return this.defaultStorageSchemes;
    }

    public boolean isDefaultStorageScheme(String str) {
        CopyOnWriteArrayList<PasswordStorageScheme> defaultStorageSchemes = getDefaultStorageSchemes();
        if (defaultStorageSchemes == null) {
            return false;
        }
        Iterator<PasswordStorageScheme> it = defaultStorageSchemes.iterator();
        while (it.hasNext()) {
            PasswordStorageScheme next = it.next();
            if (this.authPasswordSyntax) {
                if (next.getAuthPasswordSchemeName().equalsIgnoreCase(str)) {
                    return true;
                }
            } else if (next.getStorageSchemeName().equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    public CopyOnWriteArraySet<String> getDeprecatedStorageSchemes() {
        return this.deprecatedStorageSchemes;
    }

    public boolean isDeprecatedStorageScheme(String str) {
        CopyOnWriteArraySet<String> deprecatedStorageSchemes = getDeprecatedStorageSchemes();
        if (deprecatedStorageSchemes == null) {
            return false;
        }
        Iterator<String> it = deprecatedStorageSchemes.iterator();
        while (it.hasNext()) {
            if (it.next().equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    public ConcurrentHashMap<DN, PasswordValidator<? extends PasswordValidatorCfg>> getPasswordValidators() {
        return this.passwordValidators;
    }

    public ConcurrentHashMap<DN, AccountStatusNotificationHandler> getAccountStatusNotificationHandlers() {
        return this.notificationHandlers;
    }

    public boolean allowUserPasswordChanges() {
        return this.allowUserPasswordChanges;
    }

    public boolean requireCurrentPassword() {
        return this.requireCurrentPassword;
    }

    public boolean forceChangeOnAdd() {
        return this.forceChangeOnAdd;
    }

    public boolean forceChangeOnReset() {
        return this.forceChangeOnReset;
    }

    public boolean skipValidationForAdministrators() {
        return this.skipValidationForAdministrators;
    }

    public DN getPasswordGeneratorDN() {
        return this.passwordGeneratorDN;
    }

    public PasswordGenerator getPasswordGenerator() {
        return this.passwordGenerator;
    }

    public int getPasswordHistoryCount() {
        return this.historyCount;
    }

    public int getPasswordHistoryDuration() {
        return this.historyDuration;
    }

    public boolean requireSecureAuthentication() {
        return this.requireSecureAuthentication;
    }

    public boolean requireSecurePasswordChanges() {
        return this.requireSecurePasswordChanges;
    }

    public boolean allowMultiplePasswordValues() {
        return this.allowMultiplePasswordValues;
    }

    public boolean allowPreEncodedPasswords() {
        return this.allowPreEncodedPasswords;
    }

    public int getMinimumPasswordAge() {
        if (this.minimumPasswordAge <= 0) {
            return 0;
        }
        return this.minimumPasswordAge;
    }

    public int getMaximumPasswordAge() {
        if (this.maximumPasswordAge < 0) {
            return 0;
        }
        return this.maximumPasswordAge;
    }

    public int getMaximumPasswordResetAge() {
        if (this.maximumPasswordResetAge < 0) {
            return 0;
        }
        return this.maximumPasswordResetAge;
    }

    public int getWarningInterval() {
        if (this.warningInterval < 0) {
            return 0;
        }
        return this.warningInterval;
    }

    public boolean expirePasswordsWithoutWarning() {
        return this.expirePasswordsWithoutWarning;
    }

    public boolean allowExpiredPasswordChanges() {
        return this.allowExpiredPasswordChanges;
    }

    public int getGraceLoginCount() {
        if (this.graceLoginCount < 0) {
            return 0;
        }
        return this.graceLoginCount;
    }

    public int getLockoutFailureCount() {
        if (this.lockoutFailureCount < 0) {
            return 0;
        }
        return this.lockoutFailureCount;
    }

    public int getLockoutDuration() {
        if (this.lockoutDuration < 0) {
            return 0;
        }
        return this.lockoutDuration;
    }

    public int getLockoutFailureExpirationInterval() {
        if (this.lockoutFailureExpirationInterval < 0) {
            return 0;
        }
        return this.lockoutFailureExpirationInterval;
    }

    public long getRequireChangeByTime() {
        if (this.requireChangeByTime < 0) {
            return 0L;
        }
        return this.requireChangeByTime;
    }

    public AttributeType getLastLoginTimeAttribute() {
        return this.lastLoginTimeAttribute;
    }

    public String getLastLoginTimeFormat() {
        return this.lastLoginTimeFormat;
    }

    public CopyOnWriteArrayList<String> getPreviousLastLoginTimeFormats() {
        return this.previousLastLoginTimeFormats;
    }

    public int getIdleLockoutInterval() {
        if (this.idleLockoutInterval < 0) {
            return 0;
        }
        return this.idleLockoutInterval;
    }

    public PasswordPolicyCfgDefn.StateUpdateFailurePolicy getStateUpdateFailurePolicy() {
        return this.stateUpdateFailurePolicy;
    }

    public String toString() {
        StringBuilder sb = new StringBuilder();
        toString(sb);
        return sb.toString();
    }

    public void toString(StringBuilder sb) {
        sb.append("Password Attribute:                    ");
        sb.append(this.passwordAttribute.getNameOrOID());
        sb.append(ServerConstants.EOL);
        sb.append("Default Password Storage Schemes:      ");
        if (this.defaultStorageSchemes == null || this.defaultStorageSchemes.isEmpty()) {
            sb.append("{none specified}");
            sb.append(ServerConstants.EOL);
        } else {
            Iterator<PasswordStorageScheme> it = this.defaultStorageSchemes.iterator();
            sb.append(it.next().getStorageSchemeName());
            sb.append(ServerConstants.EOL);
            while (it.hasNext()) {
                sb.append("                                       ");
                sb.append(it.next().getStorageSchemeName());
                sb.append(ServerConstants.EOL);
            }
        }
        sb.append("Deprecated Password Storage Schemes:   ");
        if (this.deprecatedStorageSchemes == null || this.deprecatedStorageSchemes.isEmpty()) {
            sb.append("{none specified}");
            sb.append(ServerConstants.EOL);
        } else {
            Iterator<String> it2 = this.deprecatedStorageSchemes.iterator();
            sb.append(it2.next());
            sb.append(ServerConstants.EOL);
            while (it2.hasNext()) {
                sb.append("                                       ");
                sb.append(it2.next());
                sb.append(ServerConstants.EOL);
            }
        }
        sb.append("Allow Multiple Password Values:        ");
        sb.append(this.allowMultiplePasswordValues);
        sb.append(ServerConstants.EOL);
        sb.append("Allow Pre-Encoded Passwords:           ");
        sb.append(this.allowPreEncodedPasswords);
        sb.append(ServerConstants.EOL);
        sb.append("Allow User Password Changes:           ");
        sb.append(this.allowUserPasswordChanges);
        sb.append(ServerConstants.EOL);
        sb.append("Force Password Change on Add:          ");
        sb.append(this.forceChangeOnAdd);
        sb.append(ServerConstants.EOL);
        sb.append("Force Password Change on Admin Reset:  ");
        sb.append(this.forceChangeOnReset);
        sb.append(ServerConstants.EOL);
        sb.append("Require Current Password:              ");
        sb.append(this.requireCurrentPassword);
        sb.append(ServerConstants.EOL);
        sb.append("Require Secure Authentication:         ");
        sb.append(this.requireSecureAuthentication);
        sb.append(ServerConstants.EOL);
        sb.append("Require Secure Password Changes:       ");
        sb.append(this.requireSecurePasswordChanges);
        sb.append(ServerConstants.EOL);
        sb.append("Lockout Failure Expiration Interval:   ");
        sb.append(this.lockoutFailureExpirationInterval);
        sb.append(" seconds");
        sb.append(ServerConstants.EOL);
        sb.append("Password Validators:                   ");
        if (this.passwordValidators == null || this.passwordValidators.isEmpty()) {
            sb.append("{none specified}");
            sb.append(ServerConstants.EOL);
        } else {
            Iterator<DN> it3 = this.passwordValidators.keySet().iterator();
            it3.next().toString(sb);
            sb.append(ServerConstants.EOL);
            while (it3.hasNext()) {
                sb.append("                                       ");
                it3.next().toString(sb);
                sb.append(ServerConstants.EOL);
            }
        }
        sb.append("Skip Validation for Administrators:    ");
        sb.append(this.skipValidationForAdministrators);
        sb.append(ServerConstants.EOL);
        sb.append("Password Generator:                    ");
        if (this.passwordGenerator == null) {
            sb.append("{none specified}");
        } else {
            this.passwordGeneratorDN.toString(sb);
        }
        sb.append(ServerConstants.EOL);
        sb.append("Account Status Notification Handlers:  ");
        if (this.notificationHandlers == null || this.notificationHandlers.isEmpty()) {
            sb.append("{none specified}");
            sb.append(ServerConstants.EOL);
        } else {
            Iterator<DN> it4 = this.notificationHandlers.keySet().iterator();
            it4.next().toString(sb);
            sb.append(ServerConstants.EOL);
            while (it4.hasNext()) {
                sb.append("                                       ");
                it4.next().toString(sb);
                sb.append(ServerConstants.EOL);
            }
        }
        sb.append("Minimum Password Age:                  ");
        sb.append(this.minimumPasswordAge);
        sb.append(" seconds");
        sb.append(ServerConstants.EOL);
        sb.append("Maximum Password Age:                  ");
        sb.append(this.maximumPasswordAge);
        sb.append(" seconds");
        sb.append(ServerConstants.EOL);
        sb.append("Maximum Password Reset Age:            ");
        sb.append(this.maximumPasswordResetAge);
        sb.append(" seconds");
        sb.append(ServerConstants.EOL);
        sb.append("Expiration Warning Interval:           ");
        sb.append(this.warningInterval);
        sb.append(" seconds");
        sb.append(ServerConstants.EOL);
        sb.append("Expire Passwords Without Warning:      ");
        sb.append(this.expirePasswordsWithoutWarning);
        sb.append(ServerConstants.EOL);
        sb.append("Allow Expired Password Changes:        ");
        sb.append(this.allowExpiredPasswordChanges);
        sb.append(ServerConstants.EOL);
        sb.append("Grace Login Count:                     ");
        sb.append(this.graceLoginCount);
        sb.append(ServerConstants.EOL);
        sb.append("Lockout Failure Count:                 ");
        sb.append(this.lockoutFailureCount);
        sb.append(ServerConstants.EOL);
        sb.append("Lockout Duration:                      ");
        sb.append(this.lockoutDuration);
        sb.append(" seconds");
        sb.append(ServerConstants.EOL);
        sb.append("Lockout Count Expiration Interval:     ");
        sb.append(this.lockoutFailureExpirationInterval);
        sb.append(" seconds");
        sb.append(ServerConstants.EOL);
        sb.append("Required Password Change By Time:      ");
        if (this.requireChangeByTime <= 0) {
            sb.append("{none specified}");
        } else {
            SimpleDateFormat simpleDateFormat = new SimpleDateFormat(ServerConstants.DATE_FORMAT_GENERALIZED_TIME);
            simpleDateFormat.setTimeZone(TimeZone.getTimeZone(ServerConstants.TIME_ZONE_UTC));
            sb.append(simpleDateFormat.format(new Date(this.requireChangeByTime)));
        }
        sb.append(ServerConstants.EOL);
        sb.append("Last Login Time Attribute:             ");
        if (this.lastLoginTimeAttribute == null) {
            sb.append("{none specified}");
        } else {
            sb.append(this.lastLoginTimeAttribute.getNameOrOID());
        }
        sb.append(ServerConstants.EOL);
        sb.append("Last Login Time Format:                ");
        if (this.lastLoginTimeFormat == null) {
            sb.append("{none specified}");
        } else {
            sb.append(this.lastLoginTimeFormat);
        }
        sb.append(ServerConstants.EOL);
        sb.append("Previous Last Login Time Formats:      ");
        if (this.previousLastLoginTimeFormats == null || this.previousLastLoginTimeFormats.isEmpty()) {
            sb.append("{none specified}");
            sb.append(ServerConstants.EOL);
        } else {
            Iterator<String> it5 = this.previousLastLoginTimeFormats.iterator();
            sb.append(it5.next());
            sb.append(ServerConstants.EOL);
            while (it5.hasNext()) {
                sb.append("                                       ");
                sb.append(it5.next());
                sb.append(ServerConstants.EOL);
            }
        }
        sb.append("Idle Lockout Interval:                 ");
        sb.append(this.idleLockoutInterval);
        sb.append(" seconds");
        sb.append(ServerConstants.EOL);
        sb.append("History Count:                         ");
        sb.append(this.historyCount);
        sb.append(ServerConstants.EOL);
        sb.append("Update Failure Policy:                 ");
        sb.append(this.stateUpdateFailurePolicy.toString());
        sb.append(ServerConstants.EOL);
    }
}
