001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: Condition.java,v 1.7 2009/06/19 22:54:46 mrudul_uchil Exp $
026 *
027 */
028
029package com.sun.identity.policy.interfaces;
030
031import com.sun.identity.policy.ConditionDecision;
032import com.sun.identity.policy.PolicyException;
033import com.sun.identity.policy.Syntax;
034import com.iplanet.sso.SSOToken;
035import com.iplanet.sso.SSOException;
036
037import java.util.List;
038import java.util.Locale;
039import java.util.Map;
040import java.util.Set;
041
042/**
043 * The class <code>Condition</code> defines an interface 
044 * to allow pluggable condition. These are used to control 
045 * policy decisions based on parameters such as time,
046 * authentication level of the user session and IP address from which
047 * the user is making the request.
048 *
049 * A condition computes a <code>ConditionDecision</code> based on the state
050 * of condition object as  set by <code>setProperties</code> 
051 * method call and the environment passed in a map of key/value pairs. 
052 *
053 * <code>ConditionDecision</code> encapsulates  whether a <code>Policy</code> 
054 * applies for the request and <code>Advice</code> messages  generated by 
055 * the condition.
056 *
057 * The following Condition implementation are provided with the 
058 * Policy framework:
059 * <ul>
060 * <li>AuthLevelCondition</li>
061 * <li>LEAuthLevelCondition</li>
062 * <li>AuthSchemeCondition</li>
063 * <li>IPCondition</li>
064 * <li>SimpleTimeCondition</li>
065 * <li>SessionCondition</li>
066 * <li>SessionPropertyCondition</li>
067 * <li>AuthenticateToRealmCondition</li>
068 * <li>AuthenticateToServiceCondition</li>
069 * <li>LDAPFilterCondition</li>
070 * </ul>
071 *
072 * All condition implementations should have a public no argument 
073 * constructor.
074 *
075 * @see com.sun.identity.policy.ConditionDecision
076 * @supported.all.api
077 */
078public interface Condition extends Cloneable {
079
080    /**
081     * Following keys are used to define relevant key names for processing
082     * the environment Map of an AuthLevelCondition or LEAuthLevelCondition.
083     */
084
085    /** Key that is used to define the minimum authentication level 
086     *  in an <code>AuthLevelCondition</code> or the maximum authentication 
087     *  level in a  <code>LEAuthLevelCondition</code> of a  policy being 
088     *  evaluated. In case of <code>AuthLevelCondition</code> policy would 
089     *  apply if the request authentication level is at least the level 
090     *  defined in condition while in case of <code>LEAuthLevelCondition</code> 
091     *  policy would apply if the request authentication level is less than
092     *  or equal to the level defined in the condition.
093     *  The value should be a <code>Set</code> with only one 
094     *  element. The element should be a  <code>String</code>, parse-able as 
095     *  an integer or a realm qualified integer like "sun:1" where "sun" is a 
096     *  realm name.":" needs to used a delimiter between realm name and the 
097     *  level.
098     *
099     *  @see #setProperties(Map)
100     */
101    public static final String AUTH_LEVEL = "AuthLevel";
102
103    /** Key that is used to define the authentication level of the request.
104     *  Its passed down in the <code>env</code> Map to the 
105     *  <code>getConditionDecision</code> call of an <code>AuthLevelCondition
106     *  </code> or <code>LEAuthLevelCondition</code> for condition evaluation.
107     *  <p>
108     *  The value should be  an Integer or a <code>Set</code> of 
109     *  <code>String</code>s. If it is a <code>Set</code> of 
110     *  <code>String</code>s, each element of the set has to be parseable as 
111     *  integer or should be a realm qualified integer like "sun:1". If the 
112     *  <code>env</code> parameter is null or does not
113     *  define value for <code>REQUEST_AUTH_LEVEL</code>,  the value for
114     *  <code>REQUEST_AUTH_LEVEL</code> is obtained from the single sign
115     *  on token of the user 
116     *
117     *  @see #getConditionDecision(SSOToken, Map)
118     *  @see #AUTH_LEVEL
119     */
120    public static final String REQUEST_AUTH_LEVEL = "requestAuthLevel";
121
122    /**
123     * Following keys are used to define relevant key names for processing
124     * the environment Map of an AuthSchemeConditon.
125     */
126
127    /** Key that is used to define the authentication scheme 
128     *  in an <code>AuthSchemeCondition</code> of a policy.
129     *  Policy would apply if the authentication scheme of the request is same
130     *  as defined in the condition. The value should be
131     *  a <code>Set</code> with only one element. The element should be a 
132     *  <code>String</code>, the authentication scheme name.
133     *
134     *  @see #setProperties(Map)
135     */
136    public static final String AUTH_SCHEME = "AuthScheme";
137
138    /**
139     * Key that is used to specify application name
140     * for the resources protected by the policy
141     */
142    public static final String APPLICATION_NAME = "ApplicationName";
143
144    /**
145     * Key that is used to specify the application
146     * idle time out
147     */
148    public static final String APPLICATION_IDLE_TIMEOUT
149            = "ApplicationIdleTimeout";
150
151    /** Key that is used to define the name of authentication scheme of the 
152     *  request. Its passed down as part of the <code>env</code> Map to
153     *  <code>getConditionDecision</code> of an <code>AuthSchemeCondition</code>
154     *  for condition evaluation.
155     *  Value for the key should be a <code>Set</code> with each element being 
156     *  a <code>String</code>.
157     *  If the <code>env</code> parameter is null or does not
158     *  define value for <code>REQUEST_AUTH_SCHEMES</code>,  the value for
159     *  <code>REQUEST_AUTH_SCHEMES</code> is obtained from the single sign
160     *  on token of the user 
161     *
162     *  @see #getConditionDecision(SSOToken, Map)
163     *  @see #AUTH_SCHEME
164     */
165    public static final String REQUEST_AUTH_SCHEMES = "requestAuthSchemes";
166
167    /**
168     * Following keys are used to define relevant key names for processing
169     * the environment Map of an AuthenticateToRealmCondition.
170     */
171
172    /** Key used in <code>AuthenticateToRealmCondition</code> to specify the 
173     *  realm for which the user should authenticate for the policy to apply. 
174     *  The value should be  a <code>Set</code> with only one element. 
175     *  The should be a  <code>String</code>, the realm name.
176     *
177     *  @see #setProperties(Map)
178     */
179    public static final String AUTHENTICATE_TO_REALM = "AuthenticateToRealm";
180
181
182    /** Key that is used to identify the names of authenticated realms 
183     *  in the request. Its passed down as part of the <code>env</code> Map to
184     *  <code>getConditionDecision</code> of an <code>
185     *  AuthenticateToRealmCondition</code> for condition evaluation.
186     *  Value for the key should be a <code>Set</code> with each element being 
187     *  a <code>String</code>
188     *  If the <code>env</code> parameter is null or does not
189     *  define value for <code>REQUEST_AUTHENTICATED_TO_REALMS</code>,  the 
190     *  value for <code>REQUEST_AUTHENTICATED_TO_REALMS</code> is obtained 
191     *  from the single sign on token of the user 
192     *
193     *  @see #getConditionDecision(SSOToken, Map)
194     *  @see #AUTHENTICATE_TO_REALM
195     */
196    public static final String REQUEST_AUTHENTICATED_TO_REALMS
197            = "requestAuthenticatedToRealms";
198
199    /**
200     * Following keys are used to define relevant key names for processing
201     * the environment Map of an AuthenticateToServiceCondition.
202     */
203
204    /** Key that is used in <code>AuthenticateToServiceCondition</code> to 
205     *  specify the authentication chain for which the user should authenticate 
206     *  for the policy to apply. 
207     *  The value should be  a <code>Set</code> with only one element. 
208     *  The should be a  <code>String</code>, the realm name.
209     *
210     *  @see #setProperties(Map)
211     */
212    public static final String AUTHENTICATE_TO_SERVICE
213            = "AuthenticateToService";
214
215    /** Key that is used to identify the names of authentication chains
216     *  in the request. Its passed down as part of the <code>env</code> Map to
217     *  <code>getConditionDecision</code> of an <code>
218     *  AuthenticateToServiceCondition</code> for condition evaluation.
219     *  Value for the key should be a <code>Set</code> with each element being 
220     *  a <code>String</code>.
221     *  If the <code>env</code> parameter is null or does not
222     *  define value for <code>REQUEST_AUTHENTICATED_TO_SERVICES</code>,  the 
223     *  value for <code>REQUEST_AUTHENTICATED_TO_SERVICES</code> is obtained 
224     *  from the single sign on token of the user 
225     *
226     *  @see #getConditionDecision(SSOToken, Map)
227     *  @see #AUTHENTICATE_TO_SERVICE
228     */
229    public static final String REQUEST_AUTHENTICATED_TO_SERVICES
230            = "requestAuthenticatedToServices";
231
232    /** Key that is used identify the advice messages from
233     * <code>AuthSchemeCondition</code>
234     */
235    public static final String AUTH_SCHEME_CONDITION_ADVICE =
236            "AuthSchemeConditionAdvice";
237
238    /** Key that is used identify the advice messages from
239     * <code>AuthenticateToServiceCondition</code>
240     */
241    public static final String AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE
242            = "AuthenticateToServiceConditionAdvice";
243
244    /** Key that is used identify the advice messages from
245     * <code>AuthLevelCondition</code>.
246     */
247    public static final String AUTH_LEVEL_CONDITION_ADVICE =
248            "AuthLevelConditionAdvice";
249
250    /** Key that is used identify the advice messages from
251     * <code>AuthenticateToRealmCondition</code>
252     */
253    public static final String AUTHENTICATE_TO_REALM_CONDITION_ADVICE =
254            "AuthenticateToRealmConditionAdvice";
255
256    /**
257     * Following keys are used to define relevant key names for processing
258     * the environment Map of an IPCondition.
259     */
260
261    /** Key used in <code>IPCondition</code> to define the  start of IP 
262     * address range for which a policy applies.
263     * The value corresponding to the key  has to be a <code>Set</code> that 
264     * has just one element which is a <code>String</code>
265     * that conforms to the pattern described here. If a value is
266     * defined for START_IP,  a value should also be defined for END_IP.
267     *
268     * The patterns for IP Version 4 is :
269     *    n.n.n.n
270     * where n would take any integer value between 0 and 255 inclusive.
271     *
272     * Some sample values are:
273     *     122.100.85.45
274     *     145.64.55.35
275     *     15.64.55.35
276     *
277     * The patterns for IP Version 6 is:
278     *    x:x:x:x:x:x:x:x
279     * where x are the hexadecimal values of the eight 16-bit pieces of the address
280     *
281     * Some sample values are:
282     *      FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
283     *      1080:0:0:0:8:800:200C:417A
284     *
285     * @see <a href="http://tools.ietf.org/html/rfc3513#section-2.2">RFC 3513 - Section 2.2</a>
286     * @see #setProperties(Map)
287     */
288    public static final String START_IP = "StartIp";
289
290    /** Key that is used in  <code>IPCondition</code> to define the  end of 
291     *  IP address range for which a policy applies. 
292     * The value corresponding to the key has to be a <code>Set</code> that 
293     * has just one element which is a <code>String</code>
294     * that conforms to the pattern described here. If a value is
295     * defined for END_IP,  a value should also be defined for START_IP.
296     *
297     * The patterns is :
298     *    n.n.n.n
299     * where n would take any integer value between 0 and 255 inclusive.
300     *
301     * Some sample values are
302     *     122.100.85.45
303     *     145.64.55.35
304     *     15.64.55.35
305     *
306     * The patterns for IP Version 6 is:
307     *    x:x:x:x:x:x:x:x
308     * where x are the hexadecimal values of the eight 16-bit pieces of the address
309     *
310     * Some sample values are:
311     *      FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
312     *      1080:0:0:0:8:800:200C:417A
313     *
314     * @see <a href="http://tools.ietf.org/html/rfc3513#section-2.2">RFC 3513 - Section 2.2</a>
315     * @see #setProperties(Map)
316     */
317    public static final String END_IP = "EndIp";
318
319    /** Key that is used in an <code>IPCondition</code> to define the  DNS 
320     * name values for which a policy applies. The value corresponding to the 
321     * key has to be a <code>Set</code> where each element is a <code>String
322     * </code> that conforms to the patterns described here.
323     *
324     * The patterns is :
325     * <pre>
326     * ccc.ccc.ccc.ccc
327     * *.ccc.ccc.ccc</pre>
328     * where c is any valid character for DNS domain/host name.
329     * There could be any number of <code>.ccc</code> components.
330     * Some sample values are:
331     * <pre>
332     * www.sun.com
333     * finace.yahoo.com
334     * *.yahoo.com
335     * </pre>
336     *
337     * @see #setProperties(Map)
338     */
339    public static final String DNS_NAME = "DnsName";
340
341
342    /** Key that is used to define request IP address that is passed in
343     * the <code>env</code> parameter while invoking
344     * <code>getConditionDecision</code> method of an <code>IPCondition</code>.
345     * Value for the key should be a <code>String</code> that is a string 
346     * representation of IP of the client,
347     *
348     * For IP version 4:
349     * The form is  n.n.n.n where n is a
350     * value between 0 and 255 inclusive.
351     *
352     * For IP version 6:
353     * The form is x:x:x:x:x:x:x:x where x is
354     * the hexadecimal values of the eight 16-bit pieces of the address
355     *
356     * @see #getConditionDecision(SSOToken, Map)
357     * @see #REQUEST_DNS_NAME
358     */
359    public static final String REQUEST_IP = "requestIp";
360
361    /** Key that is used to define request DNS name that is passed in
362     * the <code>env</code> parameter while invoking
363     * <code>getConditionDecision</code> method of an <code>IPCondition</code>.
364     * Value for the key should be a set of strings representing the
365     * DNS names of the client, in the form <code>ccc.ccc.ccc</code> for IP version 4.
366     * For IP version 6, the form would be <code>x:x:x:x:x:x:x:x</code>
367     * If the <code>env</code> parameter is null or does not
368     * define value for <code>REQUEST_DNS_NAME</code>,  the 
369     * value for <code>REQUEST_DNS_NAME</code> is obtained 
370     * from the single sign on token of the user 
371     *
372     * @see #getConditionDecision(SSOToken, Map)
373     */
374    public static final String REQUEST_DNS_NAME = "requestDnsName";
375
376    /**
377     * Following keys are used to define relevant key names for processing
378     * the environment Map of a LDAPFilterCondition.
379     */
380    /**
381     *  Key that is used in a <code>LDAPFilterCondition</code> to define the 
382     *  ldap filter that should  be satisfied by the ldap entry of the user 
383     *  for the condition to be satisifed
384     *  The value should be a <code>Set</code> with only one element. 
385     *  The element should be a  <code>String</code>.
386     *
387     *  @see #setProperties(Map)
388     */
389    public static final String LDAP_FILTER = "ldapFilter";
390
391    /**
392     * Following keys are used to define relevant key names for processing
393     * the environment Map of a SessionCondition.
394     */
395
396    /**
397     * Key that is used in <code>SessionCondition</code> to define the maximum 
398     * session time in minutes for which a policy applies. 
399     * The value corresponding to the key has to be a  <code>Set</code> that 
400     * has just one element which is a string and parse-able as an 
401     * <code>Integer</code>. 
402     */
403    public static final String MAX_SESSION_TIME = "MaxSessionTime";
404
405    /**
406     * Key in <code>SessionCondition</code> that is used to define the option 
407     * to terminate the session if the session exceeds the maximum session
408     * time. The value corresponding to the key has to be a <code>Set</code> 
409     * that has just one element which is a string. The option is on if
410     * the string value is equal to <code>true</code>.
411     */
412    public static final String TERMINATE_SESSION = "TerminateSession";
413
414    /**
415     * Following keys are used to define relevant key names for processing
416     * the environment Map of an SimpleTimeCondition.
417     */
418
419    /** Key that is used in <code>SimpleTimeCondition</code> to define the  
420     * beginning of time range during which a policy applies.
421     * The value corresponding to the key has to be a <code>Set</code> that 
422     * has just one element which is a <code>String</code> that conforms to 
423     * the pattern described here. If a value is defined for 
424     * <code>START_TIME</code>,  
425     * a value should also be defined for <code>END_TIME</code>.
426     *
427     * The patterns is:
428     * <pre>
429     *    HH:mm
430     * </pre>
431     *
432     * Some sample values are
433     * <pre>
434     *     08:25
435     *     18:45
436     * </pre>
437     *
438     * @see #setProperties(Map)
439     * @see #END_TIME
440     */
441    public static final String START_TIME = "StartTime";
442
443    /** Key that is used in a <code>SimpleTimeCondition</code> to define the  
444     * end of time range during which a policy applies.The value corresponding 
445     * to the key has to be  a <code>Set</code> that has just one element which 
446     * is a <code>String</code> that conforms to the pattern described here. 
447     * If a value is defined for <code>END_TIME</code>,  a value should also 
448     * be defined for <code>START_TIME</code>.
449     *
450     * The patterns is:
451     * <pre>
452     *    HH:mm
453     * </pre>
454     *
455     * Some sample values are
456     * <pre>
457     *     08:25
458     *     18:45
459     * </pre>
460     *
461     * @see #setProperties(Map)
462     * @see #START_TIME
463     */
464    public static final String END_TIME = "EndTime";
465
466    /** Key that is used in a <code>SimpleTimeCondition</code> to define the  
467     * start of day of week  range for which a policy applies. The value 
468     * corresponding to the key has to be a <code>Set</code> that has just one 
469     * element which is a <code>String</code> that is one of the values 
470     * <code>Sun, Mon, Tue, Wed, Thu, Fri, Sat.</code>
471     * If a value is defined for <code>START_DAY</code>,  a value should also be
472     * defined for <code>END_DAY</code>.
473     *
474     * Some sample values are
475     * <pre>
476     *     Sun
477     *     Mon
478     * </pre>
479     * @see #setProperties(Map)
480     * @see #END_DAY
481     */
482    public static final String START_DAY = "StartDay";
483
484    /** Key that is used in a <code>SimpleTimeCondition</code> to define the  
485     * end of day of week  range for which a policy applies. Its defined in a 
486     * <code>SimpleTimeCondition </code> associated with the policy. The value 
487     * corresponding to the key has to be a <code>Set</code> that has just one 
488     * element which is a <code>String</code> that is one of the values 
489     * <code>Sun, Mon, Tue, Wed, Thu, Fri, Sat.</code>
490     * If a value is defined for <code>END_DAY</code>,  a value should also be
491     * defined for <code>START_DAY</code>.
492     *
493     * Some sample values are
494     * <pre>
495     *     Sun
496     *     Mon
497     * </pre>
498     * @see #setProperties(Map)
499     * @see #START_DAY
500     */
501    public static final String END_DAY = "EndDay";
502
503    /** Key that is used in a <code>SimpleTimeCondition</code> to define the  
504     * start of date range for which a policy applies.
505     * The value corresponding to the key has to be a <code>Set</code> that has 
506     * just one element which is a <code>String</code> that corresponds to the 
507     * pattern described below. If a value is defined for 
508     * <code>START_DATE</code>, a value should also be defined for 
509     * <code>END_DATE</code>.
510     *
511     * The pattern is
512     * <pre>
513     *     yyyy:MM:dd
514     * Some sample values are
515     *     2001:02:26
516     *     2002:12:31
517     * </pre>
518     *
519     * @see #setProperties(Map)
520     * @see #END_DATE
521     */
522    public static final String START_DATE = "StartDate";
523
524    /** Key that is used in a <code>SimpleTimeCondition</code> to define the  
525     * end of date range for which a policy applies.The value corresponding to 
526     * the key has to be a <code>Set</code> that has just one element which is 
527     * a <code>String</code> that corresponds to the pattern described below.
528     * If a value is defined for <code>END_DATE</code>,  a value should
529     * also be defined for <code>START_DATE</code>.
530     *
531     * The pattern is
532     * <pre>
533     *     yyyy:MM:dd
534     * Some sample values are
535     *     2001:02:26
536     *     2002:12:31
537     * </pre>
538     *
539     * @see #setProperties(Map)
540     * @see #START_DATE
541     */
542    public static final String END_DATE = "EndDate";
543
544    /** Key that is used in a <code>SimpleTimeCondition</code> to define the  
545     *  time zone basis to evaluate the policy.
546     *  The value corresponding to the key
547     *  has to be a one element <code>Set</code> where the element is a 
548     *  <code>String</code> that is one of the standard timezone IDs supported 
549     *  by java or a <code>String</code> of the  pattern 
550     *  <code>GMT[+|-]hh[[:]mm]</code>
551     *  here. If the value is not a valid time zone id and does
552     *  not match the pattern <code>GMT[+|-]hh[[:]mm]</code>, it would default
553     *  to GMT
554     *
555     *  @see java.util.TimeZone
556     */
557    public static final String ENFORCEMENT_TIME_ZONE
558            = "EnforcementTimeZone";
559
560    /** Key that is used to define the time zone that is passed in
561     *  the <code>env</code> parameter while invoking
562     *  <code>getConditionDecision</code> method of a 
563     *  <code>SimpleTimeCondition</code>
564     *  Value for the key should be a <code>TimeZone</code> object. This
565     *  would be used only if the <code>ENFORCEMENT_TIME_ZONE</code> is not
566     *  defined for the <code>SimpleTimeCondition</code>
567     *
568     *  @see #getConditionDecision(SSOToken, Map)
569     *  @see #ENFORCEMENT_TIME_ZONE
570     *  @see java.util.TimeZone
571     */
572    public static final String REQUEST_TIME_ZONE = "requestTimeZone";
573
574    /** Key that is passed in the <code>env</code> parameter while invoking
575     * <code>getConditionDecision</code> method of a <code>
576     * SessionPropertyCondition</code> to indicate if a case insensitive 
577     * match needs to done of the property value against same name property in 
578     * the user's single sign on token.
579     */
580    public static final String VALUE_CASE_INSENSITIVE = "valueCaseInsensitive";
581
582    /** Key that is passed in the <code>env</code> parameter while invoking
583     * <code>getConditionDecision</code> method of an
584     * <code>AMIdentityMembershipCondition</code>. The value specifies the 
585     * uuid(s)  for which the policy would apply.  The value should be
586     *  a <code>Set</code>. Each element of the <code>Set</code> should be a 
587     *  String, the uuid of the <code>AMIdentity</code> objet.
588     */
589    public static final String INVOCATOR_PRINCIPAL_UUID
590            = "invocatorPrincipalUuid";
591
592    /** Key that is used in a <code>AMIdentityMembershipCondition</code> to 
593     *  specify the  uuid(s) of <code>AMIdentiy</code> objects to which the
594     *  policy would apply. These uuid(s) are specified in the condition
595     *  at policy definition time.
596     *
597     *  The value should be a <code>Set</code> 
598     *  Each element of the <code>Set</code> should be a  String, 
599     *  the uuid of the invocator.
600     */
601    public static final String AM_IDENTITY_NAME = "amIdentityName";
602
603    /**
604     * Returns a list of property names for the condition.
605     *
606     * @return list of property names
607     */
608    public List getPropertyNames();
609
610    /**
611     * Returns the syntax for a property name
612     * @see com.sun.identity.policy.Syntax
613     *
614     * @param property property name
615     *
616     * @return <code>Syntax<code> for the property name
617     */
618    public Syntax getPropertySyntax(String property);
619
620
621    /**
622     * Gets the display name for the property name.
623     * The <code>locale</code> variable could be used by the plugin to
624     * customize the display name for the given locale.
625     * The <code>locale</code> variable could be <code>null</code>, in which
626     * case the plugin must use the default locale.
627     *
628     * @param property property name
629     * @param locale locale for which the property name must be customized
630     * @return display name for the property name.
631     * @throws PolicyException
632     */
633    public String getDisplayName(String property, Locale locale)
634        throws PolicyException;
635
636    /**
637     * Returns a set of valid values given the property name. This method
638     * is called if the property Syntax is either the SINGLE_CHOICE or
639     * MULTIPLE_CHOICE.
640     *
641     * @param property property name
642     * @return Set of valid values for the property.
643     * @exception PolicyException if unable to get the Syntax.
644     */
645    public Set getValidValues(String property) throws PolicyException;
646
647    /** Sets the properties of the condition.  
648     *  This influences the <code>ConditionDecision</code> that would be
649     *  computed by a call to method <code>getConditionDecision(Map)</code> and
650     *  the <code>Advice</code> messages generated included in the
651     *  <code>ConditionDecision</code>.
652     *
653     *  <code>ConditionDecision</code> encapsulates whether a policy applies for
654     *  the request and advice messages generated by the condition.
655     *
656     *  For example, for a <code>SimpleTimeCondition</code>, the properties 
657     *  would  define <code>StartTime</code> and <code>EndTime</code>, to define
658     *  the time range during which the policy applies 
659     *
660     *  @param properties the properties of the condition 
661     *         that would influence the <code>ConditionDecision</code> returned
662     *         by a call to method <code>getConditionDecision(Map)</code>.
663     *         Keys of the properties have to be String.
664     *         Value corresponding to each key have to be a <code>Set</code> of 
665     *         <code>String</code> elements. Each implementation of Condition 
666     *         could add further  restrictions on the keys and values of this 
667     *         <code>Map</code>.
668     *  @throws PolicyException for any abnormal condition
669     * @see com.sun.identity.policy.ConditionDecision
670     */
671    public void setProperties(Map properties) throws PolicyException;
672
673    /** Gets the properties of the condition
674     *  @return properties of the condition
675     *  @see #setProperties
676     */
677    public Map getProperties();
678
679    /**
680     * Gets the decision computed by this condition object, based on the 
681     * <code>Map</code> of environment parameters 
682     *
683     * @param token single-sign-on <code>SSOToken</code> of the user
684     *
685     * @param env request specific environment <code>Map,/code> of key/value 
686     *        pairs For example this would contain IP address of remote
687     *        client for an <code>IPCondition</code>.
688     *
689     * @return the condition decision.
690     *         The condition decision encapsulates whether a <code>Policy</code>
691     *         applies for the request and  <code>advice</code> messages
692     *         generated by the condition.
693     *
694     * Policy framework continues evaluating a  <code>Policy</code> only if it 
695     * applies to the request  as indicated by the 
696     * <code>ConditionDecision</code>.
697     * Otherwise, further evaluation  of the <code>Policy</code> is skipped. 
698     * However, the <code>Advice</code>  messages encapsulated  in the 
699     * <code>ConditionDecision</code> are aggregated and passed up, 
700     * encapsulated in  the <code>PolicyDecision</code>.
701     *
702     *
703     * @throws PolicyException if the decision could not be computed
704     * @throws SSOException if SSO token is not valid
705     *
706     * @see com.sun.identity.policy.ConditionDecision
707     */
708    public ConditionDecision getConditionDecision(SSOToken token, Map env)
709            throws PolicyException, SSOException;
710
711    /**
712     * Returns a copy of this object.
713     *
714     * @return a copy of this object
715     */
716    public Object clone();
717
718}