001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: Condition.java,v 1.7 2009/06/19 22:54:46 mrudul_uchil Exp $
026 *
027 * Portions Copyrighted 2014 ForgeRock AS.
028 */
029
030package com.sun.identity.policy.interfaces;
031
032import com.sun.identity.policy.ConditionDecision;
033import com.sun.identity.policy.PolicyException;
034import com.sun.identity.policy.Syntax;
035import com.iplanet.sso.SSOToken;
036import com.iplanet.sso.SSOException;
037
038import java.util.List;
039import java.util.Locale;
040import java.util.Map;
041import java.util.Set;
042
043/**
044 * The class <code>Condition</code> defines an interface 
045 * to allow pluggable condition. These are used to control 
046 * policy decisions based on parameters such as time,
047 * authentication level of the user session and IP address from which
048 * the user is making the request.
049 *
050 * A condition computes a <code>ConditionDecision</code> based on the state
051 * of condition object as  set by <code>setProperties</code> 
052 * method call and the environment passed in a map of key/value pairs. 
053 *
054 * <code>ConditionDecision</code> encapsulates  whether a <code>Policy</code> 
055 * applies for the request and <code>Advice</code> messages  generated by 
056 * the condition.
057 *
058 * The following Condition implementation are provided with the 
059 * Policy framework:
060 * <ul>
061 * <li>AuthLevelCondition</li>
062 * <li>LEAuthLevelCondition</li>
063 * <li>AuthSchemeCondition</li>
064 * <li>IPCondition</li>
065 * <li>SimpleTimeCondition</li>
066 * <li>SessionCondition</li>
067 * <li>SessionPropertyCondition</li>
068 * <li>AuthenticateToRealmCondition</li>
069 * <li>AuthenticateToServiceCondition</li>
070 * <li>LDAPFilterCondition</li>
071 * </ul>
072 *
073 * All condition implementations should have a public no argument 
074 * constructor.
075 *
076 * @see com.sun.identity.policy.ConditionDecision
077 * @supported.all.api
078 * @deprecated since 12.0.0, use {@link com.sun.identity.entitlement.EntitlementCondition}
079 */
080@Deprecated
081public interface Condition extends Cloneable {
082
083    /**
084     * Following keys are used to define relevant key names for processing
085     * the environment Map of an AuthLevelCondition or LEAuthLevelCondition.
086     */
087
088    /** Key that is used to define the minimum authentication level 
089     *  in an <code>AuthLevelCondition</code> or the maximum authentication 
090     *  level in a  <code>LEAuthLevelCondition</code> of a  policy being 
091     *  evaluated. In case of <code>AuthLevelCondition</code> policy would 
092     *  apply if the request authentication level is at least the level 
093     *  defined in condition while in case of <code>LEAuthLevelCondition</code> 
094     *  policy would apply if the request authentication level is less than
095     *  or equal to the level defined in the condition.
096     *  The value should be a <code>Set</code> with only one 
097     *  element. The element should be a  <code>String</code>, parse-able as 
098     *  an integer or a realm qualified integer like "sun:1" where "sun" is a 
099     *  realm name.":" needs to used a delimiter between realm name and the 
100     *  level.
101     *
102     *  @see #setProperties(Map)
103     */
104    public static final String AUTH_LEVEL = "AuthLevel";
105
106    /** Key that is used to define the authentication level of the request.
107     *  Its passed down in the <code>env</code> Map to the 
108     *  <code>getConditionDecision</code> call of an <code>AuthLevelCondition
109     *  </code> or <code>LEAuthLevelCondition</code> for condition evaluation.
110     *  <p>
111     *  The value should be  an Integer or a <code>Set</code> of 
112     *  <code>String</code>s. If it is a <code>Set</code> of 
113     *  <code>String</code>s, each element of the set has to be parseable as 
114     *  integer or should be a realm qualified integer like "sun:1". If the 
115     *  <code>env</code> parameter is null or does not
116     *  define value for <code>REQUEST_AUTH_LEVEL</code>,  the value for
117     *  <code>REQUEST_AUTH_LEVEL</code> is obtained from the single sign
118     *  on token of the user 
119     *
120     *  @see #getConditionDecision(SSOToken, Map)
121     *  @see #AUTH_LEVEL
122     */
123    public static final String REQUEST_AUTH_LEVEL = "requestAuthLevel";
124
125    /**
126     * Following keys are used to define relevant key names for processing
127     * the environment Map of an AuthSchemeConditon.
128     */
129
130    /** Key that is used to define the authentication scheme 
131     *  in an <code>AuthSchemeCondition</code> of a policy.
132     *  Policy would apply if the authentication scheme of the request is same
133     *  as defined in the condition. The value should be
134     *  a <code>Set</code> with only one element. The element should be a 
135     *  <code>String</code>, the authentication scheme name.
136     *
137     *  @see #setProperties(Map)
138     */
139    public static final String AUTH_SCHEME = "AuthScheme";
140
141    /**
142     * Key that is used to specify application name
143     * for the resources protected by the policy
144     */
145    public static final String APPLICATION_NAME = "ApplicationName";
146
147    /**
148     * Key that is used to specify the application
149     * idle time out
150     */
151    public static final String APPLICATION_IDLE_TIMEOUT
152            = "ApplicationIdleTimeout";
153
154    /** Key that is used to define the name of authentication scheme of the 
155     *  request. Its passed down as part of the <code>env</code> Map to
156     *  <code>getConditionDecision</code> of an <code>AuthSchemeCondition</code>
157     *  for condition evaluation.
158     *  Value for the key should be a <code>Set</code> with each element being 
159     *  a <code>String</code>.
160     *  If the <code>env</code> parameter is null or does not
161     *  define value for <code>REQUEST_AUTH_SCHEMES</code>,  the value for
162     *  <code>REQUEST_AUTH_SCHEMES</code> is obtained from the single sign
163     *  on token of the user 
164     *
165     *  @see #getConditionDecision(SSOToken, Map)
166     *  @see #AUTH_SCHEME
167     */
168    public static final String REQUEST_AUTH_SCHEMES = "requestAuthSchemes";
169
170    /**
171     * Following keys are used to define relevant key names for processing
172     * the environment Map of an AuthenticateToRealmCondition.
173     */
174
175    /** Key used in <code>AuthenticateToRealmCondition</code> to specify the 
176     *  realm for which the user should authenticate for the policy to apply. 
177     *  The value should be  a <code>Set</code> with only one element. 
178     *  The should be a  <code>String</code>, the realm name.
179     *
180     *  @see #setProperties(Map)
181     */
182    public static final String AUTHENTICATE_TO_REALM = "AuthenticateToRealm";
183
184
185    /** Key that is used to identify the names of authenticated realms 
186     *  in the request. Its passed down as part of the <code>env</code> Map to
187     *  <code>getConditionDecision</code> of an <code>
188     *  AuthenticateToRealmCondition</code> for condition evaluation.
189     *  Value for the key should be a <code>Set</code> with each element being 
190     *  a <code>String</code>
191     *  If the <code>env</code> parameter is null or does not
192     *  define value for <code>REQUEST_AUTHENTICATED_TO_REALMS</code>,  the 
193     *  value for <code>REQUEST_AUTHENTICATED_TO_REALMS</code> is obtained 
194     *  from the single sign on token of the user 
195     *
196     *  @see #getConditionDecision(SSOToken, Map)
197     *  @see #AUTHENTICATE_TO_REALM
198     */
199    public static final String REQUEST_AUTHENTICATED_TO_REALMS
200            = "requestAuthenticatedToRealms";
201
202    /**
203     * Following keys are used to define relevant key names for processing
204     * the environment Map of an AuthenticateToServiceCondition.
205     */
206
207    /** Key that is used in <code>AuthenticateToServiceCondition</code> to 
208     *  specify the authentication chain for which the user should authenticate 
209     *  for the policy to apply. 
210     *  The value should be  a <code>Set</code> with only one element. 
211     *  The should be a  <code>String</code>, the realm name.
212     *
213     *  @see #setProperties(Map)
214     */
215    public static final String AUTHENTICATE_TO_SERVICE
216            = "AuthenticateToService";
217
218    /** Key that is used to identify the names of authentication chains
219     *  in the request. Its passed down as part of the <code>env</code> Map to
220     *  <code>getConditionDecision</code> of an <code>
221     *  AuthenticateToServiceCondition</code> for condition evaluation.
222     *  Value for the key should be a <code>Set</code> with each element being 
223     *  a <code>String</code>.
224     *  If the <code>env</code> parameter is null or does not
225     *  define value for <code>REQUEST_AUTHENTICATED_TO_SERVICES</code>,  the 
226     *  value for <code>REQUEST_AUTHENTICATED_TO_SERVICES</code> is obtained 
227     *  from the single sign on token of the user 
228     *
229     *  @see #getConditionDecision(SSOToken, Map)
230     *  @see #AUTHENTICATE_TO_SERVICE
231     */
232    public static final String REQUEST_AUTHENTICATED_TO_SERVICES
233            = "requestAuthenticatedToServices";
234
235    /** Key that is used identify the advice messages from
236     * <code>AuthSchemeCondition</code>
237     */
238    public static final String AUTH_SCHEME_CONDITION_ADVICE =
239            "AuthSchemeConditionAdvice";
240
241    /** Key that is used identify the advice messages from
242     * <code>AuthenticateToServiceCondition</code>
243     */
244    public static final String AUTHENTICATE_TO_SERVICE_CONDITION_ADVICE
245            = "AuthenticateToServiceConditionAdvice";
246
247    /** Key that is used identify the advice messages from
248     * <code>AuthLevelCondition</code>.
249     */
250    public static final String AUTH_LEVEL_CONDITION_ADVICE =
251            "AuthLevelConditionAdvice";
252
253    /** Key that is used identify the advice messages from
254     * <code>AuthenticateToRealmCondition</code>
255     */
256    public static final String AUTHENTICATE_TO_REALM_CONDITION_ADVICE =
257            "AuthenticateToRealmConditionAdvice";
258
259    /**
260     * Following keys are used to define relevant key names for processing
261     * the environment Map of an IPCondition.
262     */
263
264    /** Key used in <code>IPCondition</code> to define the  start of IP 
265     * address range for which a policy applies.
266     * The value corresponding to the key  has to be a <code>Set</code> that 
267     * has just one element which is a <code>String</code>
268     * that conforms to the pattern described here. If a value is
269     * defined for START_IP,  a value should also be defined for END_IP.
270     *
271     * The patterns for IP Version 4 is :
272     *    n.n.n.n
273     * where n would take any integer value between 0 and 255 inclusive.
274     *
275     * Some sample values are:
276     *     122.100.85.45
277     *     145.64.55.35
278     *     15.64.55.35
279     *
280     * The patterns for IP Version 6 is:
281     *    x:x:x:x:x:x:x:x
282     * where x are the hexadecimal values of the eight 16-bit pieces of the address
283     *
284     * Some sample values are:
285     *      FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
286     *      1080:0:0:0:8:800:200C:417A
287     *
288     * @see <a href="http://tools.ietf.org/html/rfc3513#section-2.2">RFC 3513 - Section 2.2</a>
289     * @see #setProperties(Map)
290     */
291    public static final String START_IP = "StartIp";
292
293    /** Key that is used in  <code>IPCondition</code> to define the  end of 
294     *  IP address range for which a policy applies. 
295     * The value corresponding to the key has to be a <code>Set</code> that 
296     * has just one element which is a <code>String</code>
297     * that conforms to the pattern described here. If a value is
298     * defined for END_IP,  a value should also be defined for START_IP.
299     *
300     * The patterns is :
301     *    n.n.n.n
302     * where n would take any integer value between 0 and 255 inclusive.
303     *
304     * Some sample values are
305     *     122.100.85.45
306     *     145.64.55.35
307     *     15.64.55.35
308     *
309     * The patterns for IP Version 6 is:
310     *    x:x:x:x:x:x:x:x
311     * where x are the hexadecimal values of the eight 16-bit pieces of the address
312     *
313     * Some sample values are:
314     *      FEDC:BA98:7654:3210:FEDC:BA98:7654:3210
315     *      1080:0:0:0:8:800:200C:417A
316     *
317     * @see <a href="http://tools.ietf.org/html/rfc3513#section-2.2">RFC 3513 - Section 2.2</a>
318     * @see #setProperties(Map)
319     */
320    public static final String END_IP = "EndIp";
321
322    /** Key that is used in an <code>IPCondition</code> to define the  DNS 
323     * name values for which a policy applies. The value corresponding to the 
324     * key has to be a <code>Set</code> where each element is a <code>String
325     * </code> that conforms to the patterns described here.
326     *
327     * The patterns is :
328     * <pre>
329     * ccc.ccc.ccc.ccc
330     * *.ccc.ccc.ccc</pre>
331     * where c is any valid character for DNS domain/host name.
332     * There could be any number of <code>.ccc</code> components.
333     * Some sample values are:
334     * <pre>
335     * www.sun.com
336     * finace.yahoo.com
337     * *.yahoo.com
338     * </pre>
339     *
340     * @see #setProperties(Map)
341     */
342    public static final String DNS_NAME = "DnsName";
343
344
345    /** Key that is used to define request IP address that is passed in
346     * the <code>env</code> parameter while invoking
347     * <code>getConditionDecision</code> method of an <code>IPCondition</code>.
348     * Value for the key should be a <code>String</code> that is a string 
349     * representation of IP of the client,
350     *
351     * For IP version 4:
352     * The form is  n.n.n.n where n is a
353     * value between 0 and 255 inclusive.
354     *
355     * For IP version 6:
356     * The form is x:x:x:x:x:x:x:x where x is
357     * the hexadecimal values of the eight 16-bit pieces of the address
358     *
359     * @see #getConditionDecision(SSOToken, Map)
360     * @see #REQUEST_DNS_NAME
361     */
362    public static final String REQUEST_IP = "requestIp";
363
364    /** Key that is used to define request DNS name that is passed in
365     * the <code>env</code> parameter while invoking
366     * <code>getConditionDecision</code> method of an <code>IPCondition</code>.
367     * Value for the key should be a set of strings representing the
368     * DNS names of the client, in the form <code>ccc.ccc.ccc</code> for IP version 4.
369     * For IP version 6, the form would be <code>x:x:x:x:x:x:x:x</code>
370     * If the <code>env</code> parameter is null or does not
371     * define value for <code>REQUEST_DNS_NAME</code>,  the 
372     * value for <code>REQUEST_DNS_NAME</code> is obtained 
373     * from the single sign on token of the user 
374     *
375     * @see #getConditionDecision(SSOToken, Map)
376     */
377    public static final String REQUEST_DNS_NAME = "requestDnsName";
378
379    /**
380     * Following keys are used to define relevant key names for processing
381     * the environment Map of a LDAPFilterCondition.
382     */
383    /**
384     *  Key that is used in a <code>LDAPFilterCondition</code> to define the 
385     *  ldap filter that should  be satisfied by the ldap entry of the user 
386     *  for the condition to be satisifed
387     *  The value should be a <code>Set</code> with only one element. 
388     *  The element should be a  <code>String</code>.
389     *
390     *  @see #setProperties(Map)
391     */
392    public static final String LDAP_FILTER = "ldapFilter";
393
394    /**
395     * Following keys are used to define relevant key names for processing
396     * the environment Map of a SessionCondition.
397     */
398
399    /**
400     * Key that is used in <code>SessionCondition</code> to define the maximum 
401     * session time in minutes for which a policy applies. 
402     * The value corresponding to the key has to be a  <code>Set</code> that 
403     * has just one element which is a string and parse-able as an 
404     * <code>Integer</code>. 
405     */
406    public static final String MAX_SESSION_TIME = "MaxSessionTime";
407
408    /**
409     * Key in <code>SessionCondition</code> that is used to define the option 
410     * to terminate the session if the session exceeds the maximum session
411     * time. The value corresponding to the key has to be a <code>Set</code> 
412     * that has just one element which is a string. The option is on if
413     * the string value is equal to <code>true</code>.
414     */
415    public static final String TERMINATE_SESSION = "TerminateSession";
416
417    /**
418     * Following keys are used to define relevant key names for processing
419     * the environment Map of an SimpleTimeCondition.
420     */
421
422    /** Key that is used in <code>SimpleTimeCondition</code> to define the  
423     * beginning of time range during which a policy applies.
424     * The value corresponding to the key has to be a <code>Set</code> that 
425     * has just one element which is a <code>String</code> that conforms to 
426     * the pattern described here. If a value is defined for 
427     * <code>START_TIME</code>,  
428     * a value should also be defined for <code>END_TIME</code>.
429     *
430     * The patterns is:
431     * <pre>
432     *    HH:mm
433     * </pre>
434     *
435     * Some sample values are
436     * <pre>
437     *     08:25
438     *     18:45
439     * </pre>
440     *
441     * @see #setProperties(Map)
442     * @see #END_TIME
443     */
444    public static final String START_TIME = "StartTime";
445
446    /** Key that is used in a <code>SimpleTimeCondition</code> to define the  
447     * end of time range during which a policy applies.The value corresponding 
448     * to the key has to be  a <code>Set</code> that has just one element which 
449     * is a <code>String</code> that conforms to the pattern described here. 
450     * If a value is defined for <code>END_TIME</code>,  a value should also 
451     * be defined for <code>START_TIME</code>.
452     *
453     * The patterns is:
454     * <pre>
455     *    HH:mm
456     * </pre>
457     *
458     * Some sample values are
459     * <pre>
460     *     08:25
461     *     18:45
462     * </pre>
463     *
464     * @see #setProperties(Map)
465     * @see #START_TIME
466     */
467    public static final String END_TIME = "EndTime";
468
469    /** Key that is used in a <code>SimpleTimeCondition</code> to define the  
470     * start of day of week  range for which a policy applies. The value 
471     * corresponding to the key has to be a <code>Set</code> that has just one 
472     * element which is a <code>String</code> that is one of the values 
473     * <code>Sun, Mon, Tue, Wed, Thu, Fri, Sat.</code>
474     * If a value is defined for <code>START_DAY</code>,  a value should also be
475     * defined for <code>END_DAY</code>.
476     *
477     * Some sample values are
478     * <pre>
479     *     Sun
480     *     Mon
481     * </pre>
482     * @see #setProperties(Map)
483     * @see #END_DAY
484     */
485    public static final String START_DAY = "StartDay";
486
487    /** Key that is used in a <code>SimpleTimeCondition</code> to define the  
488     * end of day of week  range for which a policy applies. Its defined in a 
489     * <code>SimpleTimeCondition </code> associated with the policy. The value 
490     * corresponding to the key has to be a <code>Set</code> that has just one 
491     * element which is a <code>String</code> that is one of the values 
492     * <code>Sun, Mon, Tue, Wed, Thu, Fri, Sat.</code>
493     * If a value is defined for <code>END_DAY</code>,  a value should also be
494     * defined for <code>START_DAY</code>.
495     *
496     * Some sample values are
497     * <pre>
498     *     Sun
499     *     Mon
500     * </pre>
501     * @see #setProperties(Map)
502     * @see #START_DAY
503     */
504    public static final String END_DAY = "EndDay";
505
506    /** Key that is used in a <code>SimpleTimeCondition</code> to define the  
507     * start of date range for which a policy applies.
508     * The value corresponding to the key has to be a <code>Set</code> that has 
509     * just one element which is a <code>String</code> that corresponds to the 
510     * pattern described below. If a value is defined for 
511     * <code>START_DATE</code>, a value should also be defined for 
512     * <code>END_DATE</code>.
513     *
514     * The pattern is
515     * <pre>
516     *     yyyy:MM:dd
517     * Some sample values are
518     *     2001:02:26
519     *     2002:12:31
520     * </pre>
521     *
522     * @see #setProperties(Map)
523     * @see #END_DATE
524     */
525    public static final String START_DATE = "StartDate";
526
527    /** Key that is used in a <code>SimpleTimeCondition</code> to define the  
528     * end of date range for which a policy applies.The value corresponding to 
529     * the key has to be a <code>Set</code> that has just one element which is 
530     * a <code>String</code> that corresponds to the pattern described below.
531     * If a value is defined for <code>END_DATE</code>,  a value should
532     * also be defined for <code>START_DATE</code>.
533     *
534     * The pattern is
535     * <pre>
536     *     yyyy:MM:dd
537     * Some sample values are
538     *     2001:02:26
539     *     2002:12:31
540     * </pre>
541     *
542     * @see #setProperties(Map)
543     * @see #START_DATE
544     */
545    public static final String END_DATE = "EndDate";
546
547    /** Key that is used in a <code>SimpleTimeCondition</code> to define the  
548     *  time zone basis to evaluate the policy.
549     *  The value corresponding to the key
550     *  has to be a one element <code>Set</code> where the element is a 
551     *  <code>String</code> that is one of the standard timezone IDs supported 
552     *  by java or a <code>String</code> of the  pattern 
553     *  <code>GMT[+|-]hh[[:]mm]</code>
554     *  here. If the value is not a valid time zone id and does
555     *  not match the pattern <code>GMT[+|-]hh[[:]mm]</code>, it would default
556     *  to GMT
557     *
558     *  @see java.util.TimeZone
559     */
560    public static final String ENFORCEMENT_TIME_ZONE
561            = "EnforcementTimeZone";
562
563    /** Key that is used to define the time zone that is passed in
564     *  the <code>env</code> parameter while invoking
565     *  <code>getConditionDecision</code> method of a 
566     *  <code>SimpleTimeCondition</code>
567     *  Value for the key should be a <code>TimeZone</code> object. This
568     *  would be used only if the <code>ENFORCEMENT_TIME_ZONE</code> is not
569     *  defined for the <code>SimpleTimeCondition</code>
570     *
571     *  @see #getConditionDecision(SSOToken, Map)
572     *  @see #ENFORCEMENT_TIME_ZONE
573     *  @see java.util.TimeZone
574     */
575    public static final String REQUEST_TIME_ZONE = "requestTimeZone";
576
577    /** Key that is passed in the <code>env</code> parameter while invoking
578     * <code>getConditionDecision</code> method of a <code>
579     * SessionPropertyCondition</code> to indicate if a case insensitive 
580     * match needs to done of the property value against same name property in 
581     * the user's single sign on token.
582     */
583    public static final String VALUE_CASE_INSENSITIVE = "valueCaseInsensitive";
584
585    /** Key that is passed in the <code>env</code> parameter while invoking
586     * <code>getConditionDecision</code> method of an
587     * <code>AMIdentityMembershipCondition</code>. The value specifies the 
588     * uuid(s)  for which the policy would apply.  The value should be
589     *  a <code>Set</code>. Each element of the <code>Set</code> should be a 
590     *  String, the uuid of the <code>AMIdentity</code> objet.
591     */
592    public static final String INVOCATOR_PRINCIPAL_UUID
593            = "invocatorPrincipalUuid";
594
595    /** Key that is used in a <code>AMIdentityMembershipCondition</code> to 
596     *  specify the  uuid(s) of <code>AMIdentiy</code> objects to which the
597     *  policy would apply. These uuid(s) are specified in the condition
598     *  at policy definition time.
599     *
600     *  The value should be a <code>Set</code> 
601     *  Each element of the <code>Set</code> should be a  String, 
602     *  the uuid of the invocator.
603     */
604    public static final String AM_IDENTITY_NAME = "amIdentityName";
605
606    /**
607     * Returns a list of property names for the condition.
608     *
609     * @return list of property names
610     */
611    public List<String> getPropertyNames();
612
613    /**
614     * Returns the syntax for a property name
615     * @see com.sun.identity.policy.Syntax
616     *
617     * @param property property name
618     *
619     * @return <code>Syntax<code> for the property name
620     */
621    public Syntax getPropertySyntax(String property);
622
623
624    /**
625     * Gets the display name for the property name.
626     * The <code>locale</code> variable could be used by the plugin to
627     * customize the display name for the given locale.
628     * The <code>locale</code> variable could be <code>null</code>, in which
629     * case the plugin must use the default locale.
630     *
631     * @param property property name
632     * @param locale locale for which the property name must be customized
633     * @return display name for the property name.
634     * @throws PolicyException
635     */
636    public String getDisplayName(String property, Locale locale)
637        throws PolicyException;
638
639    /**
640     * Returns a set of valid values given the property name. This method
641     * is called if the property Syntax is either the SINGLE_CHOICE or
642     * MULTIPLE_CHOICE.
643     *
644     * @param property property name
645     * @return Set of valid values for the property.
646     * @exception PolicyException if unable to get the Syntax.
647     */
648    public Set<String> getValidValues(String property) throws PolicyException;
649
650    /** Sets the properties of the condition.  
651     *  This influences the <code>ConditionDecision</code> that would be
652     *  computed by a call to method <code>getConditionDecision(Map)</code> and
653     *  the <code>Advice</code> messages generated included in the
654     *  <code>ConditionDecision</code>.
655     *
656     *  <code>ConditionDecision</code> encapsulates whether a policy applies for
657     *  the request and advice messages generated by the condition.
658     *
659     *  For example, for a <code>SimpleTimeCondition</code>, the properties 
660     *  would  define <code>StartTime</code> and <code>EndTime</code>, to define
661     *  the time range during which the policy applies 
662     *
663     *  @param properties the properties of the condition 
664     *         that would influence the <code>ConditionDecision</code> returned
665     *         by a call to method <code>getConditionDecision(Map)</code>.
666     *         Keys of the properties have to be String.
667     *         Value corresponding to each key have to be a <code>Set</code> of 
668     *         <code>String</code> elements. Each implementation of Condition 
669     *         could add further  restrictions on the keys and values of this 
670     *         <code>Map</code>.
671     *  @throws PolicyException for any abnormal condition
672     * @see com.sun.identity.policy.ConditionDecision
673     */
674    public void setProperties(Map<String, Set<String>> properties) throws PolicyException;
675
676    /** Gets the properties of the condition
677     *  @return properties of the condition
678     *  @see #setProperties
679     */
680    public Map<String, Set<String>> getProperties();
681
682    /**
683     * Gets the decision computed by this condition object, based on the 
684     * <code>Map</code> of environment parameters 
685     *
686     * @param token single-sign-on <code>SSOToken</code> of the user
687     *
688     * @param env request specific environment <code>Map,/code> of key/value 
689     *        pairs For example this would contain IP address of remote
690     *        client for an <code>IPCondition</code>.
691     *
692     * @return the condition decision.
693     *         The condition decision encapsulates whether a <code>Policy</code>
694     *         applies for the request and  <code>advice</code> messages
695     *         generated by the condition.
696     *
697     * Policy framework continues evaluating a  <code>Policy</code> only if it 
698     * applies to the request  as indicated by the 
699     * <code>ConditionDecision</code>.
700     * Otherwise, further evaluation  of the <code>Policy</code> is skipped. 
701     * However, the <code>Advice</code>  messages encapsulated  in the 
702     * <code>ConditionDecision</code> are aggregated and passed up, 
703     * encapsulated in  the <code>PolicyDecision</code>.
704     *
705     *
706     * @throws PolicyException if the decision could not be computed
707     * @throws SSOException if SSO token is not valid
708     *
709     * @see com.sun.identity.policy.ConditionDecision
710     */
711    public ConditionDecision getConditionDecision(SSOToken token, Map<String, Set<String>> env)
712            throws PolicyException, SSOException;
713
714    /**
715     * Returns a copy of this object.
716     *
717     * @return a copy of this object
718     */
719    public Object clone();
720
721}