The following issues were found
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProviderTests.java
502 issues
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.authentication;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
Reported by PMD.
Line: 70
*
* @author Joe Grandja
*/
public class OAuth2AuthorizationCodeRequestAuthenticationProviderTests {
private static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OAuth2AuthorizationConsentService authorizationConsentService;
private OAuth2AuthorizationCodeRequestAuthenticationProvider authenticationProvider;
Reported by PMD.
Line: 72
*/
public class OAuth2AuthorizationCodeRequestAuthenticationProviderTests {
private static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OAuth2AuthorizationConsentService authorizationConsentService;
private OAuth2AuthorizationCodeRequestAuthenticationProvider authenticationProvider;
private TestingAuthenticationToken principal;
Reported by PMD.
Line: 73
public class OAuth2AuthorizationCodeRequestAuthenticationProviderTests {
private static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OAuth2AuthorizationConsentService authorizationConsentService;
private OAuth2AuthorizationCodeRequestAuthenticationProvider authenticationProvider;
private TestingAuthenticationToken principal;
@Before
Reported by PMD.
Line: 74
private static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OAuth2AuthorizationConsentService authorizationConsentService;
private OAuth2AuthorizationCodeRequestAuthenticationProvider authenticationProvider;
private TestingAuthenticationToken principal;
@Before
public void setUp() {
Reported by PMD.
Line: 75
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OAuth2AuthorizationConsentService authorizationConsentService;
private OAuth2AuthorizationCodeRequestAuthenticationProvider authenticationProvider;
private TestingAuthenticationToken principal;
@Before
public void setUp() {
this.registeredClientRepository = mock(RegisteredClientRepository.class);
Reported by PMD.
Line: 76
private OAuth2AuthorizationService authorizationService;
private OAuth2AuthorizationConsentService authorizationConsentService;
private OAuth2AuthorizationCodeRequestAuthenticationProvider authenticationProvider;
private TestingAuthenticationToken principal;
@Before
public void setUp() {
this.registeredClientRepository = mock(RegisteredClientRepository.class);
this.authorizationService = mock(OAuth2AuthorizationService.class);
Reported by PMD.
Line: 91
/**
 * Checks that the OAuth2AuthorizationCodeRequestAuthenticationProvider constructor
 * rejects a {@code null} first argument (the registered client repository).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenRegisteredClientRepositoryNullThenThrowIllegalArgumentException() {
// Only the first argument is null; the other two are fields of this test class.
assertThatThrownBy(() -> new OAuth2AuthorizationCodeRequestAuthenticationProvider(
null, this.authorizationService, this.authorizationConsentService))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("registeredClientRepository cannot be null");
}
Reported by PMD.
Line: 91
/**
 * Checks that the OAuth2AuthorizationCodeRequestAuthenticationProvider constructor
 * rejects a {@code null} first argument (the registered client repository).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenRegisteredClientRepositoryNullThenThrowIllegalArgumentException() {
// Only the first argument is null; the other two are fields of this test class.
assertThatThrownBy(() -> new OAuth2AuthorizationCodeRequestAuthenticationProvider(
null, this.authorizationService, this.authorizationConsentService))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("registeredClientRepository cannot be null");
}
Reported by PMD.
Line: 99
/**
 * Checks that the OAuth2AuthorizationCodeRequestAuthenticationProvider constructor
 * rejects a {@code null} second argument (the authorization service).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenAuthorizationServiceNullThenThrowIllegalArgumentException() {
// Only the second argument is null; the first and third are fields of this test class.
assertThatThrownBy(() -> new OAuth2AuthorizationCodeRequestAuthenticationProvider(
this.registeredClientRepository, null, this.authorizationConsentService))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authorizationService cannot be null");
}
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationProviderTests.java
378 issues
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.authentication;
import java.security.Principal;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
Reported by PMD.
Line: 76
* @author Joe Grandja
* @author Daniel Garnier-Moiroux
*/
public class OAuth2AuthorizationCodeAuthenticationProviderTests {
private static final String AUTHORIZATION_CODE = "code";
private static final OAuth2TokenType AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE);
private OAuth2AuthorizationService authorizationService;
private JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer;
Reported by PMD.
Line: 79
public class OAuth2AuthorizationCodeAuthenticationProviderTests {
private static final String AUTHORIZATION_CODE = "code";
private static final OAuth2TokenType AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE);
private OAuth2AuthorizationService authorizationService;
private JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer;
private OAuth2AuthorizationCodeAuthenticationProvider authenticationProvider;
@Before
Reported by PMD.
Line: 80
private static final String AUTHORIZATION_CODE = "code";
private static final OAuth2TokenType AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE);
private OAuth2AuthorizationService authorizationService;
private JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer;
private OAuth2AuthorizationCodeAuthenticationProvider authenticationProvider;
@Before
public void setUp() {
Reported by PMD.
Line: 81
private static final OAuth2TokenType AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE);
private OAuth2AuthorizationService authorizationService;
private JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer;
private OAuth2AuthorizationCodeAuthenticationProvider authenticationProvider;
@Before
public void setUp() {
this.authorizationService = mock(OAuth2AuthorizationService.class);
Reported by PMD.
Line: 82
private OAuth2AuthorizationService authorizationService;
private JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer;
private OAuth2AuthorizationCodeAuthenticationProvider authenticationProvider;
@Before
public void setUp() {
this.authorizationService = mock(OAuth2AuthorizationService.class);
this.jwtEncoder = mock(JwtEncoder.class);
Reported by PMD.
Line: 96
/**
 * Checks that the OAuth2AuthorizationCodeAuthenticationProvider constructor
 * rejects a {@code null} first argument (the authorization service).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenAuthorizationServiceNullThenThrowIllegalArgumentException() {
// The JWT encoder argument is the test's own field, so only the null argument is under test.
assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationProvider(null, this.jwtEncoder))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authorizationService cannot be null");
}
@Test
Reported by PMD.
Line: 96
/**
 * Checks that the OAuth2AuthorizationCodeAuthenticationProvider constructor
 * rejects a {@code null} first argument (the authorization service).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenAuthorizationServiceNullThenThrowIllegalArgumentException() {
// The JWT encoder argument is the test's own field, so only the null argument is under test.
assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationProvider(null, this.jwtEncoder))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authorizationService cannot be null");
}
@Test
Reported by PMD.
Line: 103
/**
 * Checks that the OAuth2AuthorizationCodeAuthenticationProvider constructor
 * rejects a {@code null} second argument (the JWT encoder).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenJwtEncoderNullThenThrowIllegalArgumentException() {
// The authorization service argument is the test's own field, so only the null encoder is under test.
assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationProvider(this.authorizationService, null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("jwtEncoder cannot be null");
}
@Test
Reported by PMD.
Line: 103
/**
 * Checks that the OAuth2AuthorizationCodeAuthenticationProvider constructor
 * rejects a {@code null} second argument (the JWT encoder).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenJwtEncoderNullThenThrowIllegalArgumentException() {
// The authorization service argument is the test's own field, so only the null encoder is under test.
assertThatThrownBy(() -> new OAuth2AuthorizationCodeAuthenticationProvider(this.authorizationService, null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("jwtEncoder cannot be null");
}
@Test
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationProviderTests.java
339 issues
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.authentication;
import java.security.Principal;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Collections;
Reported by PMD.
Line: 76
* @author Anoop Garlapati
* @since 0.0.3
*/
public class OAuth2RefreshTokenAuthenticationProviderTests {
private OAuth2AuthorizationService authorizationService;
private JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer;
private OAuth2RefreshTokenAuthenticationProvider authenticationProvider;
Reported by PMD.
Line: 77
* @since 0.0.3
*/
public class OAuth2RefreshTokenAuthenticationProviderTests {
private OAuth2AuthorizationService authorizationService;
private JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer;
private OAuth2RefreshTokenAuthenticationProvider authenticationProvider;
@Before
Reported by PMD.
Line: 78
*/
public class OAuth2RefreshTokenAuthenticationProviderTests {
private OAuth2AuthorizationService authorizationService;
private JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer;
private OAuth2RefreshTokenAuthenticationProvider authenticationProvider;
@Before
public void setUp() {
Reported by PMD.
Line: 79
public class OAuth2RefreshTokenAuthenticationProviderTests {
private OAuth2AuthorizationService authorizationService;
private JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer;
private OAuth2RefreshTokenAuthenticationProvider authenticationProvider;
@Before
public void setUp() {
this.authorizationService = mock(OAuth2AuthorizationService.class);
Reported by PMD.
Line: 80
private OAuth2AuthorizationService authorizationService;
private JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer;
private OAuth2RefreshTokenAuthenticationProvider authenticationProvider;
@Before
public void setUp() {
this.authorizationService = mock(OAuth2AuthorizationService.class);
this.jwtEncoder = mock(JwtEncoder.class);
Reported by PMD.
Line: 86
public void setUp() {
// Test fixture: the provider under test is built from mocks only.
this.authorizationService = mock(OAuth2AuthorizationService.class);
this.jwtEncoder = mock(JwtEncoder.class);
// Any two-argument encode(...) call on the mock returns whatever createJwt(...) builds
// for the single scope "scope1"; createJwt is not shown in this excerpt.
when(this.jwtEncoder.encode(any(), any())).thenReturn(createJwt(Collections.singleton("scope1")));
this.authenticationProvider = new OAuth2RefreshTokenAuthenticationProvider(
this.authorizationService, this.jwtEncoder);
// The customizer is a mock as well and is installed through the setter, not the constructor.
this.jwtCustomizer = mock(OAuth2TokenCustomizer.class);
this.authenticationProvider.setJwtCustomizer(this.jwtCustomizer);
}
Reported by PMD.
Line: 95
/**
 * Checks that the OAuth2RefreshTokenAuthenticationProvider constructor
 * rejects a {@code null} first argument (the authorization service).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenAuthorizationServiceNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> new OAuth2RefreshTokenAuthenticationProvider(null, this.jwtEncoder))
.isInstanceOf(IllegalArgumentException.class)
// Pull the message out of the thrown exception so it can be compared for exact equality.
.extracting(Throwable::getMessage)
.isEqualTo("authorizationService cannot be null");
}
Reported by PMD.
Line: 95
/**
 * Checks that the OAuth2RefreshTokenAuthenticationProvider constructor
 * rejects a {@code null} first argument (the authorization service).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenAuthorizationServiceNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> new OAuth2RefreshTokenAuthenticationProvider(null, this.jwtEncoder))
.isInstanceOf(IllegalArgumentException.class)
// Pull the message out of the thrown exception so it can be compared for exact equality.
.extracting(Throwable::getMessage)
.isEqualTo("authorizationService cannot be null");
}
Reported by PMD.
Line: 95
/**
 * Checks that the OAuth2RefreshTokenAuthenticationProvider constructor
 * rejects a {@code null} first argument (the authorization service).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenAuthorizationServiceNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> new OAuth2RefreshTokenAuthenticationProvider(null, this.jwtEncoder))
.isInstanceOf(IllegalArgumentException.class)
// Pull the message out of the thrown exception so it can be compared for exact equality.
.extracting(Throwable::getMessage)
.isEqualTo("authorizationService cannot be null");
}
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/core/OAuth2AuthorizationServerMetadataTests.java
250 issues
Line: 36
*
* @author Daniel Garnier-Moiroux
*/
public class OAuth2AuthorizationServerMetadataTests {
// @formatter:off
private final Builder minimalBuilder =
OAuth2AuthorizationServerMetadata.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
Reported by PMD.
Line: 38
*/
public class OAuth2AuthorizationServerMetadataTests {
// @formatter:off
private final Builder minimalBuilder =
OAuth2AuthorizationServerMetadata.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.responseType("code");
Reported by PMD.
Line: 40
// @formatter:off
private final Builder minimalBuilder =
OAuth2AuthorizationServerMetadata.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.responseType("code");
// @formatter:on
Reported by PMD.
Line: 41
private final Builder minimalBuilder =
OAuth2AuthorizationServerMetadata.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.responseType("code");
// @formatter:on
@Test
Reported by PMD.
Line: 42
OAuth2AuthorizationServerMetadata.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.responseType("code");
// @formatter:on
@Test
public void buildWhenAllClaimsProvidedThenCreated() {
Reported by PMD.
Line: 43
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.responseType("code");
// @formatter:on
@Test
public void buildWhenAllClaimsProvidedThenCreated() {
OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder()
Reported by PMD.
Line: 47
// @formatter:on
@Test
public void buildWhenAllClaimsProvidedThenCreated() {
OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.tokenEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
Reported by PMD.
Line: 48
@Test
public void buildWhenAllClaimsProvidedThenCreated() {
OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.tokenEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
.jwkSetUrl("https://example.com/issuer1/oauth2/jwks")
Reported by PMD.
Line: 48
@Test
public void buildWhenAllClaimsProvidedThenCreated() {
OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.tokenEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
.jwkSetUrl("https://example.com/issuer1/oauth2/jwks")
Reported by PMD.
Line: 48
@Test
public void buildWhenAllClaimsProvidedThenCreated() {
OAuth2AuthorizationServerMetadata authorizationServerMetadata = OAuth2AuthorizationServerMetadata.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.tokenEndpointAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue())
.jwkSetUrl("https://example.com/issuer1/oauth2/jwks")
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenEndpointFilterTests.java
233 issues
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.web;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.Collections;
Reported by PMD.
Line: 83
* @author Joe Grandja
* @author Daniel Garnier-Moiroux
*/
public class OAuth2TokenEndpointFilterTests {
private static final String DEFAULT_TOKEN_ENDPOINT_URI = "/oauth2/token";
private static final String REMOTE_ADDRESS = "remote-address";
private AuthenticationManager authenticationManager;
private OAuth2TokenEndpointFilter filter;
private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
Reported by PMD.
Line: 86
public class OAuth2TokenEndpointFilterTests {
private static final String DEFAULT_TOKEN_ENDPOINT_URI = "/oauth2/token";
private static final String REMOTE_ADDRESS = "remote-address";
private AuthenticationManager authenticationManager;
private OAuth2TokenEndpointFilter filter;
private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
new OAuth2ErrorHttpMessageConverter();
private final HttpMessageConverter<OAuth2AccessTokenResponse> accessTokenHttpResponseConverter =
new OAuth2AccessTokenResponseHttpMessageConverter();
Reported by PMD.
Line: 87
private static final String DEFAULT_TOKEN_ENDPOINT_URI = "/oauth2/token";
private static final String REMOTE_ADDRESS = "remote-address";
private AuthenticationManager authenticationManager;
private OAuth2TokenEndpointFilter filter;
private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
new OAuth2ErrorHttpMessageConverter();
private final HttpMessageConverter<OAuth2AccessTokenResponse> accessTokenHttpResponseConverter =
new OAuth2AccessTokenResponseHttpMessageConverter();
Reported by PMD.
Line: 88
private static final String REMOTE_ADDRESS = "remote-address";
private AuthenticationManager authenticationManager;
private OAuth2TokenEndpointFilter filter;
private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
new OAuth2ErrorHttpMessageConverter();
private final HttpMessageConverter<OAuth2AccessTokenResponse> accessTokenHttpResponseConverter =
new OAuth2AccessTokenResponseHttpMessageConverter();
@Before
Reported by PMD.
Line: 90
private OAuth2TokenEndpointFilter filter;
private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
new OAuth2ErrorHttpMessageConverter();
private final HttpMessageConverter<OAuth2AccessTokenResponse> accessTokenHttpResponseConverter =
new OAuth2AccessTokenResponseHttpMessageConverter();
@Before
public void setUp() {
this.authenticationManager = mock(AuthenticationManager.class);
Reported by PMD.
Line: 106
/**
 * Checks that the OAuth2TokenEndpointFilter constructor rejects a {@code null}
 * first argument (the authentication manager).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenAuthenticationManagerNullThenThrowIllegalArgumentException() {
// "tokenEndpointUri" is a non-empty placeholder string, so only the null manager is under test.
assertThatThrownBy(() -> new OAuth2TokenEndpointFilter(null, "tokenEndpointUri"))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authenticationManager cannot be null");
}
@Test
Reported by PMD.
Line: 106
/**
 * Checks that the OAuth2TokenEndpointFilter constructor rejects a {@code null}
 * first argument (the authentication manager).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenAuthenticationManagerNullThenThrowIllegalArgumentException() {
// "tokenEndpointUri" is a non-empty placeholder string, so only the null manager is under test.
assertThatThrownBy(() -> new OAuth2TokenEndpointFilter(null, "tokenEndpointUri"))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authenticationManager cannot be null");
}
@Test
Reported by PMD.
Line: 113
/**
 * Checks that the OAuth2TokenEndpointFilter constructor rejects a {@code null}
 * second argument (the token endpoint URI).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenTokenEndpointUriNullThenThrowIllegalArgumentException() {
// The input is null but the expected message says "cannot be empty"; presumably one
// check in the filter covers both null and empty strings (confirm against the constructor).
assertThatThrownBy(() -> new OAuth2TokenEndpointFilter(this.authenticationManager, null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("tokenEndpointUri cannot be empty");
}
@Test
Reported by PMD.
Line: 113
/**
 * Checks that the OAuth2TokenEndpointFilter constructor rejects a {@code null}
 * second argument (the token endpoint URI).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenTokenEndpointUriNullThenThrowIllegalArgumentException() {
// The input is null but the expected message says "cannot be empty"; presumably one
// check in the filter covers both null and empty strings (confirm against the constructor).
assertThatThrownBy(() -> new OAuth2TokenEndpointFilter(this.authenticationManager, null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("tokenEndpointUri cannot be empty");
}
@Test
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationCodeGrantTests.java
232 issues
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
Reported by PMD.
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
Reported by PMD.
Line: 126
* @author Joe Grandja
* @author Daniel Garnier-Moiroux
*/
public class OAuth2AuthorizationCodeGrantTests {
private static final String DEFAULT_AUTHORIZATION_ENDPOINT_URI = "/oauth2/authorize";
private static final String DEFAULT_TOKEN_ENDPOINT_URI = "/oauth2/token";
// See RFC 7636: Appendix B. Example for the S256 code_challenge_method
// https://tools.ietf.org/html/rfc7636#appendix-B
private static final String S256_CODE_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
Reported by PMD.
Line: 126
* @author Joe Grandja
* @author Daniel Garnier-Moiroux
*/
public class OAuth2AuthorizationCodeGrantTests {
private static final String DEFAULT_AUTHORIZATION_ENDPOINT_URI = "/oauth2/authorize";
private static final String DEFAULT_TOKEN_ENDPOINT_URI = "/oauth2/token";
// See RFC 7636: Appendix B. Example for the S256 code_challenge_method
// https://tools.ietf.org/html/rfc7636#appendix-B
private static final String S256_CODE_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk";
Reported by PMD.
Line: 150
private static String consentPage = "/oauth2/consent";
@Rule
public final SpringTestRule spring = new SpringTestRule();
@Autowired
private MockMvc mvc;
@Autowired
Reported by PMD.
Line: 153
public final SpringTestRule spring = new SpringTestRule();
@Autowired
private MockMvc mvc;
@Autowired
private JdbcOperations jdbcOperations;
@Autowired
Reported by PMD.
Line: 156
private MockMvc mvc;
@Autowired
private JdbcOperations jdbcOperations;
@Autowired
private RegisteredClientRepository registeredClientRepository;
@Autowired
Reported by PMD.
Line: 159
private JdbcOperations jdbcOperations;
@Autowired
private RegisteredClientRepository registeredClientRepository;
@Autowired
private OAuth2AuthorizationService authorizationService;
@Autowired
Reported by PMD.
Line: 162
private RegisteredClientRepository registeredClientRepository;
@Autowired
private OAuth2AuthorizationService authorizationService;
@Autowired
private JwtDecoder jwtDecoder;
@BeforeClass
Reported by PMD.
Line: 165
private OAuth2AuthorizationService authorizationService;
@Autowired
private JwtDecoder jwtDecoder;
@BeforeClass
public static void init() {
JWKSet jwkSet = new JWKSet(TestJwks.DEFAULT_RSA_JWK);
jwkSource = (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/authentication/OidcClientRegistrationAuthenticationProviderTests.java
209 issues
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.oidc.authentication;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;
Reported by PMD.
Line: 66
* @author Ovidiu Popa
* @author Joe Grandja
*/
public class OidcClientRegistrationAuthenticationProviderTests {
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OidcClientRegistrationAuthenticationProvider authenticationProvider;
@Before
Reported by PMD.
Line: 67
* @author Joe Grandja
*/
public class OidcClientRegistrationAuthenticationProviderTests {
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OidcClientRegistrationAuthenticationProvider authenticationProvider;
@Before
public void setUp() {
Reported by PMD.
Line: 68
*/
public class OidcClientRegistrationAuthenticationProviderTests {
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OidcClientRegistrationAuthenticationProvider authenticationProvider;
@Before
public void setUp() {
this.registeredClientRepository = mock(RegisteredClientRepository.class);
Reported by PMD.
Line: 69
public class OidcClientRegistrationAuthenticationProviderTests {
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OidcClientRegistrationAuthenticationProvider authenticationProvider;
@Before
public void setUp() {
this.registeredClientRepository = mock(RegisteredClientRepository.class);
this.authorizationService = mock(OAuth2AuthorizationService.class);
Reported by PMD.
Line: 81
/**
 * Checks that the OidcClientRegistrationAuthenticationProvider constructor
 * rejects a {@code null} first argument (the registered client repository).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenRegisteredClientRepositoryNullThenThrowIllegalArgumentException() {
// The authorization service argument is the test's own field, so only the null argument is under test.
assertThatIllegalArgumentException()
.isThrownBy(() -> new OidcClientRegistrationAuthenticationProvider(null, this.authorizationService))
.withMessage("registeredClientRepository cannot be null");
}
@Test
Reported by PMD.
Line: 81
/**
 * Checks that the OidcClientRegistrationAuthenticationProvider constructor
 * rejects a {@code null} first argument (the registered client repository).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenRegisteredClientRepositoryNullThenThrowIllegalArgumentException() {
// The authorization service argument is the test's own field, so only the null argument is under test.
assertThatIllegalArgumentException()
.isThrownBy(() -> new OidcClientRegistrationAuthenticationProvider(null, this.authorizationService))
.withMessage("registeredClientRepository cannot be null");
}
@Test
Reported by PMD.
Line: 88
/**
 * Checks that the OidcClientRegistrationAuthenticationProvider constructor
 * rejects a {@code null} second argument (the authorization service).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenAuthorizationServiceNullThenThrowIllegalArgumentException() {
// The repository argument is the test's own field, so only the null argument is under test.
assertThatIllegalArgumentException()
.isThrownBy(() -> new OidcClientRegistrationAuthenticationProvider(this.registeredClientRepository, null))
.withMessage("authorizationService cannot be null");
}
@Test
Reported by PMD.
Line: 88
/**
 * Checks that the OidcClientRegistrationAuthenticationProvider constructor
 * rejects a {@code null} second argument (the authorization service).
 * The assertion pins both the exception type and the exact message text.
 */
@Test
public void constructorWhenAuthorizationServiceNullThenThrowIllegalArgumentException() {
// The repository argument is the test's own field, so only the null argument is under test.
assertThatIllegalArgumentException()
.isThrownBy(() -> new OidcClientRegistrationAuthenticationProvider(this.registeredClientRepository, null))
.withMessage("authorizationService cannot be null");
}
@Test
Reported by PMD.
Line: 95
/**
 * Checks that the provider's {@code supports} method returns {@code true} when asked
 * about {@code OidcClientRegistrationAuthenticationToken.class}.
 */
@Test
public void supportsWhenTypeOidcClientRegistrationAuthenticationTokenThenReturnTrue() {
assertThat(this.authenticationProvider.supports(OidcClientRegistrationAuthenticationToken.class)).isTrue();
}
@Test
public void authenticateWhenPrincipalNotOAuth2TokenAuthenticationTokenThenThrowOAuth2AuthenticationException() {
TestingAuthenticationToken principal = new TestingAuthenticationToken("principal", "credentials");
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/core/oidc/OidcProviderConfigurationTests.java
200 issues
Line: 37
*
* @author Daniel Garnier-Moiroux
*/
public class OidcProviderConfigurationTests {
private final OidcProviderConfiguration.Builder minimalConfigurationBuilder =
OidcProviderConfiguration.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
Reported by PMD.
Line: 38
* @author Daniel Garnier-Moiroux
*/
public class OidcProviderConfigurationTests {
private final OidcProviderConfiguration.Builder minimalConfigurationBuilder =
OidcProviderConfiguration.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.jwkSetUrl("https://example.com/issuer1/oauth2/jwks")
Reported by PMD.
Line: 40
public class OidcProviderConfigurationTests {
private final OidcProviderConfiguration.Builder minimalConfigurationBuilder =
OidcProviderConfiguration.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.jwkSetUrl("https://example.com/issuer1/oauth2/jwks")
.scope("openid")
.responseType("code")
Reported by PMD.
Line: 41
private final OidcProviderConfiguration.Builder minimalConfigurationBuilder =
OidcProviderConfiguration.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.jwkSetUrl("https://example.com/issuer1/oauth2/jwks")
.scope("openid")
.responseType("code")
.subjectType("public")
Reported by PMD.
Line: 42
OidcProviderConfiguration.builder()
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.jwkSetUrl("https://example.com/issuer1/oauth2/jwks")
.scope("openid")
.responseType("code")
.subjectType("public")
.idTokenSigningAlgorithm("RS256");
Reported by PMD.
Line: 43
.issuer("https://example.com/issuer1")
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.jwkSetUrl("https://example.com/issuer1/oauth2/jwks")
.scope("openid")
.responseType("code")
.subjectType("public")
.idTokenSigningAlgorithm("RS256");
Reported by PMD.
Line: 44
.authorizationEndpoint("https://example.com/issuer1/oauth2/authorize")
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.jwkSetUrl("https://example.com/issuer1/oauth2/jwks")
.scope("openid")
.responseType("code")
.subjectType("public")
.idTokenSigningAlgorithm("RS256");
@Test
Reported by PMD.
Line: 45
.tokenEndpoint("https://example.com/issuer1/oauth2/token")
.jwkSetUrl("https://example.com/issuer1/oauth2/jwks")
.scope("openid")
.responseType("code")
.subjectType("public")
.idTokenSigningAlgorithm("RS256");
@Test
public void buildWhenAllRequiredClaimsAndAdditionalClaimsThenCreated() {
Reported by PMD.
Line: 46
.jwkSetUrl("https://example.com/issuer1/oauth2/jwks")
.scope("openid")
.responseType("code")
.subjectType("public")
.idTokenSigningAlgorithm("RS256");
@Test
public void buildWhenAllRequiredClaimsAndAdditionalClaimsThenCreated() {
OidcProviderConfiguration providerConfiguration = OidcProviderConfiguration.builder()
Reported by PMD.
Line: 47
.scope("openid")
.responseType("code")
.subjectType("public")
.idTokenSigningAlgorithm("RS256");
@Test
public void buildWhenAllRequiredClaimsAndAdditionalClaimsThenCreated() {
OidcProviderConfiguration providerConfiguration = OidcProviderConfiguration.builder()
.issuer("https://example.com/issuer1")
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientAuthenticationProviderTests.java
199 issues
Line: 58
* @author Daniel Garnier-Moiroux
* @author Anoop Garlapati
*/
public class OAuth2ClientAuthenticationProviderTests {
// PKCE fixture for the "plain" code_challenge_method: the challenge is the verifier itself
// (RFC 7636, section 4.2), so it gives no protection when the authorization request is observed.
private static final String PLAIN_CODE_VERIFIER = "pkce-key";
private static final String PLAIN_CODE_CHALLENGE = PLAIN_CODE_VERIFIER;
// See RFC 7636: Appendix B. Example for the S256 code_challenge_method
// https://tools.ietf.org/html/rfc7636#appendix-B
Reported by PMD.
Line: 70
private static final String AUTHORIZATION_CODE = "code";
private static final OAuth2TokenType AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE);
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OAuth2ClientAuthenticationProvider authenticationProvider;
private PasswordEncoder passwordEncoder;
@Before
Reported by PMD.
Line: 71
private static final OAuth2TokenType AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE);
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OAuth2ClientAuthenticationProvider authenticationProvider;
private PasswordEncoder passwordEncoder;
@Before
public void setUp() {
Reported by PMD.
Line: 72
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OAuth2ClientAuthenticationProvider authenticationProvider;
private PasswordEncoder passwordEncoder;
@Before
public void setUp() {
this.registeredClientRepository = mock(RegisteredClientRepository.class);
Reported by PMD.
Line: 73
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OAuth2ClientAuthenticationProvider authenticationProvider;
private PasswordEncoder passwordEncoder;
@Before
public void setUp() {
this.registeredClientRepository = mock(RegisteredClientRepository.class);
this.authorizationService = mock(OAuth2AuthorizationService.class);
Reported by PMD.
Line: 84
this.passwordEncoder = spy(new PasswordEncoder() {
// Test fixture only: delegates to NoOpPasswordEncoder, which applies no hashing, so the
// "encoded" value is the raw client secret. Wrapped in a Mockito spy so calls can be verified.
@Override
public String encode(CharSequence rawPassword) {
return NoOpPasswordEncoder.getInstance().encode(rawPassword);
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return NoOpPasswordEncoder.getInstance().matches(rawPassword, encodedPassword);
Reported by PMD.
Line: 89
// Test fixture only: delegates to NoOpPasswordEncoder, so the presented secret is compared
// with the stored value as plaintext; acceptable here because no real credential is involved.
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return NoOpPasswordEncoder.getInstance().matches(rawPassword, encodedPassword);
}
});
this.authenticationProvider.setPasswordEncoder(this.passwordEncoder);
}
Reported by PMD.
Line: 97
/**
 * Verifies that constructing the provider with a {@code null} client repository fails fast
 * with an {@link IllegalArgumentException} whose message is
 * "registeredClientRepository cannot be null".
 */
@Test
public void constructorWhenRegisteredClientRepositoryNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> new OAuth2ClientAuthenticationProvider(null, this.authorizationService))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("registeredClientRepository cannot be null");
}
@Test
Reported by PMD.
Line: 97
/**
 * Verifies that constructing the provider with a {@code null} client repository fails fast
 * with an {@link IllegalArgumentException} whose message is
 * "registeredClientRepository cannot be null".
 */
@Test
public void constructorWhenRegisteredClientRepositoryNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> new OAuth2ClientAuthenticationProvider(null, this.authorizationService))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("registeredClientRepository cannot be null");
}
@Test
Reported by PMD.
Line: 104
/**
 * Verifies that constructing the provider with a {@code null} authorization service fails fast
 * with an {@link IllegalArgumentException} whose message is
 * "authorizationService cannot be null".
 */
@Test
public void constructorWhenAuthorizationServiceNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> new OAuth2ClientAuthenticationProvider(this.registeredClientRepository, null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authorizationService cannot be null");
}
@Test
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/client/RegisteredClientTests.java
199 issues
Line: 38
*
* @author Anoop Garlapati
*/
public class RegisteredClientTests {
// Fixed fixture values shared by the builder tests in this class.
private static final String ID = "registration-1";
private static final String CLIENT_ID = "client-1";
// Placeholder credential for unit tests; not a real client secret.
private static final String CLIENT_SECRET = "secret";
// Single HTTPS redirect URI; singleton() returns an immutable set.
private static final Set<String> REDIRECT_URIS = Collections.singleton("https://example.com");
private static final Set<String> SCOPES = Collections.unmodifiableSet(
Reported by PMD.
Line: 50
@Test
public void buildWhenAuthorizationGrantTypesNotSetThenThrowIllegalArgumentException() {
assertThatThrownBy(() ->
RegisteredClient.withId(ID)
.clientId(CLIENT_ID)
.clientSecret(CLIENT_SECRET)
.redirectUris(redirectUris -> redirectUris.addAll(REDIRECT_URIS))
.scopes(scopes -> scopes.addAll(SCOPES))
Reported by PMD.
Line: 62
}
@Test
public void buildWhenAllAttributesProvidedThenAllAttributesAreSet() {
Instant clientIdIssuedAt = Instant.now();
Instant clientSecretExpiresAt = clientIdIssuedAt.plus(30, ChronoUnit.DAYS);
RegisteredClient registration = RegisteredClient.withId(ID)
.clientId(CLIENT_ID)
.clientIdIssuedAt(clientIdIssuedAt)
Reported by PMD.
Line: 64
@Test
public void buildWhenAllAttributesProvidedThenAllAttributesAreSet() {
Instant clientIdIssuedAt = Instant.now();
Instant clientSecretExpiresAt = clientIdIssuedAt.plus(30, ChronoUnit.DAYS);
RegisteredClient registration = RegisteredClient.withId(ID)
.clientId(CLIENT_ID)
.clientIdIssuedAt(clientIdIssuedAt)
.clientSecret(CLIENT_SECRET)
.clientSecretExpiresAt(clientSecretExpiresAt)
Reported by PMD.
Line: 65
public void buildWhenAllAttributesProvidedThenAllAttributesAreSet() {
Instant clientIdIssuedAt = Instant.now();
Instant clientSecretExpiresAt = clientIdIssuedAt.plus(30, ChronoUnit.DAYS);
RegisteredClient registration = RegisteredClient.withId(ID)
.clientId(CLIENT_ID)
.clientIdIssuedAt(clientIdIssuedAt)
.clientSecret(CLIENT_SECRET)
.clientSecretExpiresAt(clientSecretExpiresAt)
.clientName("client-name")
Reported by PMD.
Line: 65
public void buildWhenAllAttributesProvidedThenAllAttributesAreSet() {
Instant clientIdIssuedAt = Instant.now();
Instant clientSecretExpiresAt = clientIdIssuedAt.plus(30, ChronoUnit.DAYS);
RegisteredClient registration = RegisteredClient.withId(ID)
.clientId(CLIENT_ID)
.clientIdIssuedAt(clientIdIssuedAt)
.clientSecret(CLIENT_SECRET)
.clientSecretExpiresAt(clientSecretExpiresAt)
.clientName("client-name")
Reported by PMD.
Line: 65
public void buildWhenAllAttributesProvidedThenAllAttributesAreSet() {
Instant clientIdIssuedAt = Instant.now();
Instant clientSecretExpiresAt = clientIdIssuedAt.plus(30, ChronoUnit.DAYS);
RegisteredClient registration = RegisteredClient.withId(ID)
.clientId(CLIENT_ID)
.clientIdIssuedAt(clientIdIssuedAt)
.clientSecret(CLIENT_SECRET)
.clientSecretExpiresAt(clientSecretExpiresAt)
.clientName("client-name")
Reported by PMD.
Line: 65
public void buildWhenAllAttributesProvidedThenAllAttributesAreSet() {
Instant clientIdIssuedAt = Instant.now();
Instant clientSecretExpiresAt = clientIdIssuedAt.plus(30, ChronoUnit.DAYS);
RegisteredClient registration = RegisteredClient.withId(ID)
.clientId(CLIENT_ID)
.clientIdIssuedAt(clientIdIssuedAt)
.clientSecret(CLIENT_SECRET)
.clientSecretExpiresAt(clientSecretExpiresAt)
.clientName("client-name")
Reported by PMD.
Line: 65
public void buildWhenAllAttributesProvidedThenAllAttributesAreSet() {
Instant clientIdIssuedAt = Instant.now();
Instant clientSecretExpiresAt = clientIdIssuedAt.plus(30, ChronoUnit.DAYS);
RegisteredClient registration = RegisteredClient.withId(ID)
.clientId(CLIENT_ID)
.clientIdIssuedAt(clientIdIssuedAt)
.clientSecret(CLIENT_SECRET)
.clientSecretExpiresAt(clientSecretExpiresAt)
.clientName("client-name")
Reported by PMD.
Line: 65
public void buildWhenAllAttributesProvidedThenAllAttributesAreSet() {
Instant clientIdIssuedAt = Instant.now();
Instant clientSecretExpiresAt = clientIdIssuedAt.plus(30, ChronoUnit.DAYS);
RegisteredClient registration = RegisteredClient.withId(ID)
.clientId(CLIENT_ID)
.clientIdIssuedAt(clientIdIssuedAt)
.clientSecret(CLIENT_SECRET)
.clientSecretExpiresAt(clientSecretExpiresAt)
.clientName("client-name")
Reported by PMD.