The following issues were found
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/JdbcOAuth2AuthorizationServiceTests.java
183 issues
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.sql.Types;
Reported by PMD.
Line: 75
*
* @author Ovidiu Popa
*/
public class JdbcOAuth2AuthorizationServiceTests {
private static final String OAUTH2_AUTHORIZATION_SCHEMA_SQL_RESOURCE = "org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql";
private static final String CUSTOM_OAUTH2_AUTHORIZATION_SCHEMA_SQL_RESOURCE = "org/springframework/security/oauth2/server/authorization/custom-oauth2-authorization-schema.sql";
private static final OAuth2TokenType AUTHORIZATION_CODE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.CODE);
private static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
private static final String ID = "id";
Reported by PMD.
Line: 87
private static final OAuth2AuthorizationCode AUTHORIZATION_CODE = new OAuth2AuthorizationCode(
"code", Instant.now().truncatedTo(ChronoUnit.MILLIS), Instant.now().plus(5, ChronoUnit.MINUTES).truncatedTo(ChronoUnit.MILLIS));
private EmbeddedDatabase db;
private JdbcOperations jdbcOperations;
private RegisteredClientRepository registeredClientRepository;
private JdbcOAuth2AuthorizationService authorizationService;
@Before
Reported by PMD.
Line: 88
"code", Instant.now().truncatedTo(ChronoUnit.MILLIS), Instant.now().plus(5, ChronoUnit.MINUTES).truncatedTo(ChronoUnit.MILLIS));
private EmbeddedDatabase db;
private JdbcOperations jdbcOperations;
private RegisteredClientRepository registeredClientRepository;
private JdbcOAuth2AuthorizationService authorizationService;
@Before
public void setUp() {
Reported by PMD.
Line: 89
private EmbeddedDatabase db;
private JdbcOperations jdbcOperations;
private RegisteredClientRepository registeredClientRepository;
private JdbcOAuth2AuthorizationService authorizationService;
@Before
public void setUp() {
this.db = createDb();
Reported by PMD.
Line: 90
private EmbeddedDatabase db;
private JdbcOperations jdbcOperations;
private RegisteredClientRepository registeredClientRepository;
private JdbcOAuth2AuthorizationService authorizationService;
@Before
public void setUp() {
this.db = createDb();
this.jdbcOperations = new JdbcTemplate(this.db);
Reported by PMD.
Line: 108
/**
 * Checks the null guard on the first constructor argument of
 * {@code JdbcOAuth2AuthorizationService}: passing {@code null} must raise an
 * {@link IllegalArgumentException} whose message is exactly
 * "jdbcOperations cannot be null".
 */
@Test
public void constructorWhenJdbcOperationsIsNullThenThrowIllegalArgumentException() {
// @formatter:off
// Only the first argument is null; the second is this fixture's registeredClientRepository field.
assertThatThrownBy(() -> new JdbcOAuth2AuthorizationService(null, this.registeredClientRepository))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("jdbcOperations cannot be null");
// @formatter:on
}
Reported by PMD.
Line: 108
/**
 * Checks the null guard on the first constructor argument of
 * {@code JdbcOAuth2AuthorizationService}: passing {@code null} must raise an
 * {@link IllegalArgumentException} whose message is exactly
 * "jdbcOperations cannot be null".
 */
@Test
public void constructorWhenJdbcOperationsIsNullThenThrowIllegalArgumentException() {
// @formatter:off
// Only the first argument is null; the second is this fixture's registeredClientRepository field.
assertThatThrownBy(() -> new JdbcOAuth2AuthorizationService(null, this.registeredClientRepository))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("jdbcOperations cannot be null");
// @formatter:on
}
Reported by PMD.
Line: 117
/**
 * Checks the null guard on the second constructor argument of
 * {@code JdbcOAuth2AuthorizationService}: passing {@code null} must raise an
 * {@link IllegalArgumentException} whose message is exactly
 * "registeredClientRepository cannot be null".
 */
@Test
public void constructorWhenRegisteredClientRepositoryIsNullThenThrowIllegalArgumentException() {
// @formatter:off
// Only the second argument is null; the first is this fixture's jdbcOperations field.
assertThatThrownBy(() -> new JdbcOAuth2AuthorizationService(this.jdbcOperations, null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("registeredClientRepository cannot be null");
// @formatter:on
}
Reported by PMD.
Line: 117
/**
 * Checks the null guard on the second constructor argument of
 * {@code JdbcOAuth2AuthorizationService}: passing {@code null} must raise an
 * {@link IllegalArgumentException} whose message is exactly
 * "registeredClientRepository cannot be null".
 */
@Test
public void constructorWhenRegisteredClientRepositoryIsNullThenThrowIllegalArgumentException() {
// @formatter:off
// Only the second argument is null; the first is this fixture's jdbcOperations field.
assertThatThrownBy(() -> new JdbcOAuth2AuthorizationService(this.jdbcOperations, null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("registeredClientRepository cannot be null");
// @formatter:on
}
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenIntrospectionAuthenticationProviderTests.java
166 issues
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.authentication;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.Collections;
Reported by PMD.
Line: 59
* @author Gerardo Roza
* @author Joe Grandja
*/
public class OAuth2TokenIntrospectionAuthenticationProviderTests {
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OAuth2TokenIntrospectionAuthenticationProvider authenticationProvider;
@Before
Reported by PMD.
Line: 60
* @author Joe Grandja
*/
public class OAuth2TokenIntrospectionAuthenticationProviderTests {
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OAuth2TokenIntrospectionAuthenticationProvider authenticationProvider;
@Before
public void setUp() {
Reported by PMD.
Line: 61
*/
public class OAuth2TokenIntrospectionAuthenticationProviderTests {
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OAuth2TokenIntrospectionAuthenticationProvider authenticationProvider;
@Before
public void setUp() {
this.registeredClientRepository = mock(RegisteredClientRepository.class);
Reported by PMD.
Line: 62
public class OAuth2TokenIntrospectionAuthenticationProviderTests {
private RegisteredClientRepository registeredClientRepository;
private OAuth2AuthorizationService authorizationService;
private OAuth2TokenIntrospectionAuthenticationProvider authenticationProvider;
@Before
public void setUp() {
this.registeredClientRepository = mock(RegisteredClientRepository.class);
this.authorizationService = mock(OAuth2AuthorizationService.class);
Reported by PMD.
Line: 74
/**
 * Checks that {@code OAuth2TokenIntrospectionAuthenticationProvider} cannot be constructed
 * with a {@code null} first argument: the constructor must raise an
 * {@link IllegalArgumentException} whose message is exactly
 * "registeredClientRepository cannot be null".
 */
@Test
public void constructorWhenRegisteredClientRepositoryNullThenThrowIllegalArgumentException() {
// Only the first argument is null; the second is this fixture's authorizationService field.
assertThatThrownBy(() -> new OAuth2TokenIntrospectionAuthenticationProvider(null, this.authorizationService))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("registeredClientRepository cannot be null");
}
@Test
Reported by PMD.
Line: 74
/**
 * Checks that {@code OAuth2TokenIntrospectionAuthenticationProvider} cannot be constructed
 * with a {@code null} first argument: the constructor must raise an
 * {@link IllegalArgumentException} whose message is exactly
 * "registeredClientRepository cannot be null".
 */
@Test
public void constructorWhenRegisteredClientRepositoryNullThenThrowIllegalArgumentException() {
// Only the first argument is null; the second is this fixture's authorizationService field.
assertThatThrownBy(() -> new OAuth2TokenIntrospectionAuthenticationProvider(null, this.authorizationService))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("registeredClientRepository cannot be null");
}
@Test
Reported by PMD.
Line: 81
/**
 * Checks that {@code OAuth2TokenIntrospectionAuthenticationProvider} cannot be constructed
 * with a {@code null} second argument: the constructor must raise an
 * {@link IllegalArgumentException} whose message is exactly
 * "authorizationService cannot be null".
 */
@Test
public void constructorWhenAuthorizationServiceNullThenThrowIllegalArgumentException() {
// Only the second argument is null; the first is this fixture's registeredClientRepository field.
assertThatThrownBy(() -> new OAuth2TokenIntrospectionAuthenticationProvider(this.registeredClientRepository, null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authorizationService cannot be null");
}
@Test
Reported by PMD.
Line: 81
/**
 * Checks that {@code OAuth2TokenIntrospectionAuthenticationProvider} cannot be constructed
 * with a {@code null} second argument: the constructor must raise an
 * {@link IllegalArgumentException} whose message is exactly
 * "authorizationService cannot be null".
 */
@Test
public void constructorWhenAuthorizationServiceNullThenThrowIllegalArgumentException() {
// Only the second argument is null; the first is this fixture's registeredClientRepository field.
assertThatThrownBy(() -> new OAuth2TokenIntrospectionAuthenticationProvider(this.registeredClientRepository, null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authorizationService cannot be null");
}
@Test
Reported by PMD.
Line: 88
/**
 * Confirms that the provider under test reports support for
 * {@code OAuth2TokenIntrospectionAuthenticationToken}.
 */
@Test
public void supportsWhenTypeOAuth2TokenIntrospectionAuthenticationTokenThenReturnTrue() {
    // Capture the provider's answer first, then assert on it.
    boolean supported =
            this.authenticationProvider.supports(OAuth2TokenIntrospectionAuthenticationToken.class);
    assertThat(supported).isTrue();
}
@Test
public void authenticateWhenClientPrincipalNotOAuth2ClientAuthenticationTokenThenThrowOAuth2AuthenticationException() {
RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationEndpointFilterTests.java
161 issues
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.web;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
Reported by PMD.
Line: 78
* @author Anoop Garlapati
* @since 0.0.1
*/
public class OAuth2AuthorizationEndpointFilterTests {
private static final String DEFAULT_AUTHORIZATION_ENDPOINT_URI = "/oauth2/authorize";
private AuthenticationManager authenticationManager;
private OAuth2AuthorizationEndpointFilter filter;
private TestingAuthenticationToken principal;
private OAuth2AuthorizationCode authorizationCode;
Reported by PMD.
Line: 80
*/
public class OAuth2AuthorizationEndpointFilterTests {
private static final String DEFAULT_AUTHORIZATION_ENDPOINT_URI = "/oauth2/authorize";
private AuthenticationManager authenticationManager;
private OAuth2AuthorizationEndpointFilter filter;
private TestingAuthenticationToken principal;
private OAuth2AuthorizationCode authorizationCode;
@Before
Reported by PMD.
Line: 81
public class OAuth2AuthorizationEndpointFilterTests {
private static final String DEFAULT_AUTHORIZATION_ENDPOINT_URI = "/oauth2/authorize";
private AuthenticationManager authenticationManager;
private OAuth2AuthorizationEndpointFilter filter;
private TestingAuthenticationToken principal;
private OAuth2AuthorizationCode authorizationCode;
@Before
public void setUp() {
Reported by PMD.
Line: 82
private static final String DEFAULT_AUTHORIZATION_ENDPOINT_URI = "/oauth2/authorize";
private AuthenticationManager authenticationManager;
private OAuth2AuthorizationEndpointFilter filter;
private TestingAuthenticationToken principal;
private OAuth2AuthorizationCode authorizationCode;
@Before
public void setUp() {
this.authenticationManager = mock(AuthenticationManager.class);
Reported by PMD.
Line: 83
private AuthenticationManager authenticationManager;
private OAuth2AuthorizationEndpointFilter filter;
private TestingAuthenticationToken principal;
private OAuth2AuthorizationCode authorizationCode;
@Before
public void setUp() {
this.authenticationManager = mock(AuthenticationManager.class);
this.filter = new OAuth2AuthorizationEndpointFilter(this.authenticationManager);
Reported by PMD.
Line: 92
this.principal = new TestingAuthenticationToken("principalName", "password");
this.principal.setAuthenticated(true);
SecurityContext securityContext = SecurityContextHolder.createEmptyContext();
securityContext.setAuthentication(this.principal);
SecurityContextHolder.setContext(securityContext);
Instant issuedAt = Instant.now();
Instant expiresAt = issuedAt.plus(5, ChronoUnit.MINUTES);
this.authorizationCode = new OAuth2AuthorizationCode("code", issuedAt, expiresAt);
}
Reported by PMD.
Line: 95
securityContext.setAuthentication(this.principal);
SecurityContextHolder.setContext(securityContext);
Instant issuedAt = Instant.now();
Instant expiresAt = issuedAt.plus(5, ChronoUnit.MINUTES);
this.authorizationCode = new OAuth2AuthorizationCode("code", issuedAt, expiresAt);
}
@After
public void cleanup() {
Reported by PMD.
Line: 106
/**
 * Checks that {@code OAuth2AuthorizationEndpointFilter} cannot be constructed with a
 * {@code null} argument: the single-argument constructor must raise an
 * {@link IllegalArgumentException} whose message is exactly
 * "authenticationManager cannot be null".
 */
@Test
public void constructorWhenAuthenticationManagerNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> new OAuth2AuthorizationEndpointFilter(null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authenticationManager cannot be null");
}
@Test
Reported by PMD.
Line: 106
/**
 * Checks that {@code OAuth2AuthorizationEndpointFilter} cannot be constructed with a
 * {@code null} argument: the single-argument constructor must raise an
 * {@link IllegalArgumentException} whose message is exactly
 * "authenticationManager cannot be null".
 */
@Test
public void constructorWhenAuthenticationManagerNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> new OAuth2AuthorizationEndpointFilter(null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authenticationManager cannot be null");
}
@Test
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/core/oidc/OidcClientRegistrationTests.java
150 issues
Line: 40
* @author Ovidiu Popa
* @author Joe Grandja
*/
public class OidcClientRegistrationTests {
// @formatter:off
private final OidcClientRegistration.Builder minimalBuilder =
OidcClientRegistration.builder()
.redirectUri("https://client.example.com");
// @formatter:on
Reported by PMD.
Line: 42
*/
public class OidcClientRegistrationTests {
// @formatter:off
private final OidcClientRegistration.Builder minimalBuilder =
OidcClientRegistration.builder()
.redirectUri("https://client.example.com");
// @formatter:on
@Test
Reported by PMD.
Line: 44
// @formatter:off
private final OidcClientRegistration.Builder minimalBuilder =
OidcClientRegistration.builder()
.redirectUri("https://client.example.com");
// @formatter:on
@Test
public void buildWhenAllClaimsProvidedThenCreated() {
// @formatter:off
Reported by PMD.
Line: 48
// @formatter:on
@Test
public void buildWhenAllClaimsProvidedThenCreated() {
// @formatter:off
Instant clientIdIssuedAt = Instant.now();
Instant clientSecretExpiresAt = clientIdIssuedAt.plus(30, ChronoUnit.DAYS);
OidcClientRegistration clientRegistration = OidcClientRegistration.builder()
.clientId("client-id")
Reported by PMD.
Line: 51
public void buildWhenAllClaimsProvidedThenCreated() {
// @formatter:off
Instant clientIdIssuedAt = Instant.now();
Instant clientSecretExpiresAt = clientIdIssuedAt.plus(30, ChronoUnit.DAYS);
OidcClientRegistration clientRegistration = OidcClientRegistration.builder()
.clientId("client-id")
.clientIdIssuedAt(clientIdIssuedAt)
.clientSecret("client-secret")
.clientSecretExpiresAt(clientSecretExpiresAt)
Reported by PMD.
Line: 52
// @formatter:off
Instant clientIdIssuedAt = Instant.now();
Instant clientSecretExpiresAt = clientIdIssuedAt.plus(30, ChronoUnit.DAYS);
OidcClientRegistration clientRegistration = OidcClientRegistration.builder()
.clientId("client-id")
.clientIdIssuedAt(clientIdIssuedAt)
.clientSecret("client-secret")
.clientSecretExpiresAt(clientSecretExpiresAt)
.clientName("client-name")
Reported by PMD.
Line: 52
// @formatter:off
Instant clientIdIssuedAt = Instant.now();
Instant clientSecretExpiresAt = clientIdIssuedAt.plus(30, ChronoUnit.DAYS);
OidcClientRegistration clientRegistration = OidcClientRegistration.builder()
.clientId("client-id")
.clientIdIssuedAt(clientIdIssuedAt)
.clientSecret("client-secret")
.clientSecretExpiresAt(clientSecretExpiresAt)
.clientName("client-name")
Reported by PMD.
Line: 52
// @formatter:off
Instant clientIdIssuedAt = Instant.now();
Instant clientSecretExpiresAt = clientIdIssuedAt.plus(30, ChronoUnit.DAYS);
OidcClientRegistration clientRegistration = OidcClientRegistration.builder()
.clientId("client-id")
.clientIdIssuedAt(clientIdIssuedAt)
.clientSecret("client-secret")
.clientSecretExpiresAt(clientSecretExpiresAt)
.clientName("client-name")
Reported by PMD.
Line: 52
// @formatter:off
Instant clientIdIssuedAt = Instant.now();
Instant clientSecretExpiresAt = clientIdIssuedAt.plus(30, ChronoUnit.DAYS);
OidcClientRegistration clientRegistration = OidcClientRegistration.builder()
.clientId("client-id")
.clientIdIssuedAt(clientIdIssuedAt)
.clientSecret("client-secret")
.clientSecretExpiresAt(clientSecretExpiresAt)
.clientName("client-name")
Reported by PMD.
Line: 52
// @formatter:off
Instant clientIdIssuedAt = Instant.now();
Instant clientSecretExpiresAt = clientIdIssuedAt.plus(30, ChronoUnit.DAYS);
OidcClientRegistration clientRegistration = OidcClientRegistration.builder()
.clientId("client-id")
.clientIdIssuedAt(clientIdIssuedAt)
.clientSecret("client-secret")
.clientSecretExpiresAt(clientSecretExpiresAt)
.clientName("client-name")
Reported by PMD.
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationProvider.java
145 issues
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.authentication;
import java.security.Principal;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Base64;
Reported by PMD.
Line: 71
* @see OAuth2AuthorizationConsentService
* @see <a target="_blank" href="https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Request</a>
*/
public final class OAuth2AuthorizationCodeRequestAuthenticationProvider implements AuthenticationProvider {
private static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
private static final String PKCE_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc7636#section-4.4.1";
private static final StringKeyGenerator DEFAULT_AUTHORIZATION_CODE_GENERATOR =
new Base64StringKeyGenerator(Base64.getUrlEncoder().withoutPadding(), 96);
private static final StringKeyGenerator DEFAULT_STATE_GENERATOR =
Reported by PMD.
Line: 71
* @see OAuth2AuthorizationConsentService
* @see <a target="_blank" href="https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Request</a>
*/
public final class OAuth2AuthorizationCodeRequestAuthenticationProvider implements AuthenticationProvider {
private static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
private static final String PKCE_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc7636#section-4.4.1";
private static final StringKeyGenerator DEFAULT_AUTHORIZATION_CODE_GENERATOR =
new Base64StringKeyGenerator(Base64.getUrlEncoder().withoutPadding(), 96);
private static final StringKeyGenerator DEFAULT_STATE_GENERATOR =
Reported by PMD.
Line: 71
* @see OAuth2AuthorizationConsentService
* @see <a target="_blank" href="https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Request</a>
*/
public final class OAuth2AuthorizationCodeRequestAuthenticationProvider implements AuthenticationProvider {
private static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
private static final String PKCE_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc7636#section-4.4.1";
private static final StringKeyGenerator DEFAULT_AUTHORIZATION_CODE_GENERATOR =
new Base64StringKeyGenerator(Base64.getUrlEncoder().withoutPadding(), 96);
private static final StringKeyGenerator DEFAULT_STATE_GENERATOR =
Reported by PMD.
Line: 71
* @see OAuth2AuthorizationConsentService
* @see <a target="_blank" href="https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Request</a>
*/
public final class OAuth2AuthorizationCodeRequestAuthenticationProvider implements AuthenticationProvider {
private static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
private static final String PKCE_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc7636#section-4.4.1";
private static final StringKeyGenerator DEFAULT_AUTHORIZATION_CODE_GENERATOR =
new Base64StringKeyGenerator(Base64.getUrlEncoder().withoutPadding(), 96);
private static final StringKeyGenerator DEFAULT_STATE_GENERATOR =
Reported by PMD.
Line: 71
* @see OAuth2AuthorizationConsentService
* @see <a target="_blank" href="https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.1">Section 4.1.1 Authorization Request</a>
*/
public final class OAuth2AuthorizationCodeRequestAuthenticationProvider implements AuthenticationProvider {
private static final OAuth2TokenType STATE_TOKEN_TYPE = new OAuth2TokenType(OAuth2ParameterNames.STATE);
private static final String PKCE_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc7636#section-4.4.1";
private static final StringKeyGenerator DEFAULT_AUTHORIZATION_CODE_GENERATOR =
new Base64StringKeyGenerator(Base64.getUrlEncoder().withoutPadding(), 96);
private static final StringKeyGenerator DEFAULT_STATE_GENERATOR =
Reported by PMD.
Line: 80
new Base64StringKeyGenerator(Base64.getUrlEncoder());
private static final Function<String, OAuth2AuthenticationValidator> DEFAULT_AUTHENTICATION_VALIDATOR_RESOLVER =
createDefaultAuthenticationValidatorResolver();
private final RegisteredClientRepository registeredClientRepository;
private final OAuth2AuthorizationService authorizationService;
private final OAuth2AuthorizationConsentService authorizationConsentService;
private Supplier<String> authorizationCodeGenerator = DEFAULT_AUTHORIZATION_CODE_GENERATOR::generateKey;
private Function<String, OAuth2AuthenticationValidator> authenticationValidatorResolver = DEFAULT_AUTHENTICATION_VALIDATOR_RESOLVER;
Reported by PMD.
Line: 81
private static final Function<String, OAuth2AuthenticationValidator> DEFAULT_AUTHENTICATION_VALIDATOR_RESOLVER =
createDefaultAuthenticationValidatorResolver();
private final RegisteredClientRepository registeredClientRepository;
private final OAuth2AuthorizationService authorizationService;
private final OAuth2AuthorizationConsentService authorizationConsentService;
private Supplier<String> authorizationCodeGenerator = DEFAULT_AUTHORIZATION_CODE_GENERATOR::generateKey;
private Function<String, OAuth2AuthenticationValidator> authenticationValidatorResolver = DEFAULT_AUTHENTICATION_VALIDATOR_RESOLVER;
/**
Reported by PMD.
Line: 82
createDefaultAuthenticationValidatorResolver();
private final RegisteredClientRepository registeredClientRepository;
private final OAuth2AuthorizationService authorizationService;
private final OAuth2AuthorizationConsentService authorizationConsentService;
private Supplier<String> authorizationCodeGenerator = DEFAULT_AUTHORIZATION_CODE_GENERATOR::generateKey;
private Function<String, OAuth2AuthenticationValidator> authenticationValidatorResolver = DEFAULT_AUTHENTICATION_VALIDATOR_RESOLVER;
/**
* Constructs an {@code OAuth2AuthorizationCodeRequestAuthenticationProvider} using the provided parameters.
Reported by PMD.
Line: 83
private final RegisteredClientRepository registeredClientRepository;
private final OAuth2AuthorizationService authorizationService;
private final OAuth2AuthorizationConsentService authorizationConsentService;
private Supplier<String> authorizationCodeGenerator = DEFAULT_AUTHORIZATION_CODE_GENERATOR::generateKey;
private Function<String, OAuth2AuthenticationValidator> authenticationValidatorResolver = DEFAULT_AUTHENTICATION_VALIDATOR_RESOLVER;
/**
* Constructs an {@code OAuth2AuthorizationCodeRequestAuthenticationProvider} using the provided parameters.
*
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationTokenTests.java
143 issues
Line: 49
/**
 * Checks that {@code OAuth2AuthorizationCodeRequestAuthenticationToken.with(...)} rejects a
 * {@code null} client id with an {@link IllegalArgumentException} whose message is exactly
 * "clientId cannot be empty".
 */
@Test
public void withWhenClientIdNullThenThrowIllegalArgumentException() {
// NOTE(review): the expected message says "empty", but only null is passed here;
// an empty-string client id is not exercised by this test.
assertThatThrownBy(() -> OAuth2AuthorizationCodeRequestAuthenticationToken.with(null, PRINCIPAL))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("clientId cannot be empty");
}
@Test
Reported by PMD.
Line: 49
/**
 * Checks that {@code OAuth2AuthorizationCodeRequestAuthenticationToken.with(...)} rejects a
 * {@code null} client id with an {@link IllegalArgumentException} whose message is exactly
 * "clientId cannot be empty".
 */
@Test
public void withWhenClientIdNullThenThrowIllegalArgumentException() {
// NOTE(review): the expected message says "empty", but only null is passed here;
// an empty-string client id is not exercised by this test.
assertThatThrownBy(() -> OAuth2AuthorizationCodeRequestAuthenticationToken.with(null, PRINCIPAL))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("clientId cannot be empty");
}
@Test
Reported by PMD.
Line: 56
/**
 * Checks that {@code OAuth2AuthorizationCodeRequestAuthenticationToken.with(...)} rejects a
 * {@code null} principal with an {@link IllegalArgumentException} whose message is exactly
 * "principal cannot be null".
 */
@Test
public void withWhenPrincipalNullThenThrowIllegalArgumentException() {
// The client id comes from the REGISTERED_CLIENT fixture, so only the principal argument is null.
assertThatThrownBy(() -> OAuth2AuthorizationCodeRequestAuthenticationToken.with(REGISTERED_CLIENT.getClientId(), null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("principal cannot be null");
}
@Test
Reported by PMD.
Line: 56
/**
 * Checks that {@code OAuth2AuthorizationCodeRequestAuthenticationToken.with(...)} rejects a
 * {@code null} principal with an {@link IllegalArgumentException} whose message is exactly
 * "principal cannot be null".
 */
@Test
public void withWhenPrincipalNullThenThrowIllegalArgumentException() {
// The client id comes from the REGISTERED_CLIENT fixture, so only the principal argument is null.
assertThatThrownBy(() -> OAuth2AuthorizationCodeRequestAuthenticationToken.with(REGISTERED_CLIENT.getClientId(), null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("principal cannot be null");
}
@Test
Reported by PMD.
Line: 63
/**
 * Checks that building an {@code OAuth2AuthorizationCodeRequestAuthenticationToken} without
 * setting an authorization URI fails with an {@link IllegalArgumentException} whose message
 * is exactly "authorizationUri cannot be empty".
 */
@Test
public void buildWhenAuthorizationUriNotProvidedThenThrowIllegalArgumentException() {
// build() is called directly on the result of with(...), with no other builder calls in between.
assertThatThrownBy(() ->
OAuth2AuthorizationCodeRequestAuthenticationToken.with(REGISTERED_CLIENT.getClientId(), PRINCIPAL)
.build())
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authorizationUri cannot be empty");
}
Reported by PMD.
Line: 63
/**
 * Checks that building an {@code OAuth2AuthorizationCodeRequestAuthenticationToken} without
 * setting an authorization URI fails with an {@link IllegalArgumentException} whose message
 * is exactly "authorizationUri cannot be empty".
 */
@Test
public void buildWhenAuthorizationUriNotProvidedThenThrowIllegalArgumentException() {
// build() is called directly on the result of with(...), with no other builder calls in between.
assertThatThrownBy(() ->
OAuth2AuthorizationCodeRequestAuthenticationToken.with(REGISTERED_CLIENT.getClientId(), PRINCIPAL)
.build())
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authorizationUri cannot be empty");
}
Reported by PMD.
Line: 72
@Test
public void buildWhenStateNotProvidedThenThrowIllegalArgumentException() {
assertThatThrownBy(() ->
OAuth2AuthorizationCodeRequestAuthenticationToken.with(REGISTERED_CLIENT.getClientId(), PRINCIPAL)
.authorizationUri(AUTHORIZATION_URI)
.consent(true)
.build())
.isInstanceOf(IllegalArgumentException.class)
Reported by PMD.
Line: 72
@Test
public void buildWhenStateNotProvidedThenThrowIllegalArgumentException() {
assertThatThrownBy(() ->
OAuth2AuthorizationCodeRequestAuthenticationToken.with(REGISTERED_CLIENT.getClientId(), PRINCIPAL)
.authorizationUri(AUTHORIZATION_URI)
.consent(true)
.build())
.isInstanceOf(IllegalArgumentException.class)
Reported by PMD.
Line: 82
}
@Test
public void buildWhenAuthorizationCodeRequestThenValuesAreSet() {
String clientId = REGISTERED_CLIENT.getClientId();
String redirectUri = REGISTERED_CLIENT.getRedirectUris().iterator().next();
Set<String> requestedScopes = REGISTERED_CLIENT.getScopes();
Map<String, Object> additionalParameters = Collections.singletonMap("param1", "value1");
Reported by PMD.
Line: 84
@Test
public void buildWhenAuthorizationCodeRequestThenValuesAreSet() {
String clientId = REGISTERED_CLIENT.getClientId();
String redirectUri = REGISTERED_CLIENT.getRedirectUris().iterator().next();
Set<String> requestedScopes = REGISTERED_CLIENT.getScopes();
Map<String, Object> additionalParameters = Collections.singletonMap("param1", "value1");
OAuth2AuthorizationCodeRequestAuthenticationToken authentication =
OAuth2AuthorizationCodeRequestAuthenticationToken.with(clientId, PRINCIPAL)
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/jwt/NimbusJwsEncoderTests.java
134 issues
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.jwt;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
Reported by PMD.
Line: 60
*/
public class NimbusJwsEncoderTests {
private List<JWK> jwkList;
private JWKSource<SecurityContext> jwkSource;
private NimbusJwsEncoder jwsEncoder;
Reported by PMD.
Line: 62
private List<JWK> jwkList;
private JWKSource<SecurityContext> jwkSource;
private NimbusJwsEncoder jwsEncoder;
@Before
public void setUp() {
Reported by PMD.
Line: 64
private JWKSource<SecurityContext> jwkSource;
private NimbusJwsEncoder jwsEncoder;
@Before
public void setUp() {
this.jwkList = new ArrayList<>();
this.jwkSource = (jwkSelector, securityContext) -> jwkSelector.select(new JWKSet(this.jwkList));
Reported by PMD.
Line: 75
/**
 * Checks that {@code NimbusJwsEncoder} cannot be constructed with a {@code null} argument:
 * the constructor must raise an {@link IllegalArgumentException} with the message
 * "jwkSource cannot be null".
 */
@Test
public void constructorWhenJwkSourceNullThenThrowIllegalArgumentException() {
assertThatIllegalArgumentException().isThrownBy(() -> new NimbusJwsEncoder(null))
.withMessage("jwkSource cannot be null");
}
@Test
public void encodeWhenHeadersNullThenThrowIllegalArgumentException() {
Reported by PMD.
Line: 75
/**
 * Checks that {@code NimbusJwsEncoder} cannot be constructed with a {@code null} argument:
 * the constructor must raise an {@link IllegalArgumentException} with the message
 * "jwkSource cannot be null".
 */
@Test
public void constructorWhenJwkSourceNullThenThrowIllegalArgumentException() {
assertThatIllegalArgumentException().isThrownBy(() -> new NimbusJwsEncoder(null))
.withMessage("jwkSource cannot be null");
}
@Test
public void encodeWhenHeadersNullThenThrowIllegalArgumentException() {
Reported by PMD.
Line: 81
/**
 * Checks that {@code encode} on the encoder under test rejects a {@code null} first
 * argument with an {@link IllegalArgumentException} carrying the message
 * "headers cannot be null".
 */
@Test
public void encodeWhenHeadersNullThenThrowIllegalArgumentException() {
// The claims argument is built from the TestJwtClaimsSets fixture; only the headers argument is null.
JwtClaimsSet jwtClaimsSet = TestJwtClaimsSets.jwtClaimsSet().build();
assertThatIllegalArgumentException().isThrownBy(() -> this.jwsEncoder.encode(null, jwtClaimsSet))
.withMessage("headers cannot be null");
}
Reported by PMD.
Line: 83
public void encodeWhenHeadersNullThenThrowIllegalArgumentException() {
JwtClaimsSet jwtClaimsSet = TestJwtClaimsSets.jwtClaimsSet().build();
assertThatIllegalArgumentException().isThrownBy(() -> this.jwsEncoder.encode(null, jwtClaimsSet))
.withMessage("headers cannot be null");
}
@Test
public void encodeWhenClaimsNullThenThrowIllegalArgumentException() {
Reported by PMD.
Line: 83
public void encodeWhenHeadersNullThenThrowIllegalArgumentException() {
JwtClaimsSet jwtClaimsSet = TestJwtClaimsSets.jwtClaimsSet().build();
assertThatIllegalArgumentException().isThrownBy(() -> this.jwsEncoder.encode(null, jwtClaimsSet))
.withMessage("headers cannot be null");
}
@Test
public void encodeWhenClaimsNullThenThrowIllegalArgumentException() {
Reported by PMD.
Line: 89
/**
 * Checks that {@code encode} on the encoder under test rejects a {@code null} second
 * argument with an {@link IllegalArgumentException} carrying the message
 * "claims cannot be null".
 */
@Test
public void encodeWhenClaimsNullThenThrowIllegalArgumentException() {
// The headers argument is built from the TestJoseHeaders fixture; only the claims argument is null.
JoseHeader joseHeader = TestJoseHeaders.joseHeader().build();
assertThatIllegalArgumentException().isThrownBy(() -> this.jwsEncoder.encode(joseHeader, null))
.withMessage("claims cannot be null");
}
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/core/http/converter/OAuth2AuthorizationServerMetadataHttpMessageConverterTests.java
125 issues
Line: 137
public void readInternalWhenFailingConverterThenThrowException() {
String errorMessage = "this is not a valid converter";
this.messageConverter.setAuthorizationServerMetadataConverter(source -> {
throw new RuntimeException(errorMessage);
});
MockClientHttpResponse response = new MockClientHttpResponse("{}".getBytes(), HttpStatus.OK);
assertThatExceptionOfType(HttpMessageNotReadableException.class)
.isThrownBy(() -> this.messageConverter.readInternal(OAuth2AuthorizationServerMetadata.class, response))
Reported by PMD.
Line: 207
String errorMessage = "this is not a valid converter";
Converter<OAuth2AuthorizationServerMetadata, Map<String, Object>> failingConverter =
source -> {
throw new RuntimeException(errorMessage);
};
this.messageConverter.setAuthorizationServerMetadataParametersConverter(failingConverter);
MockHttpOutputMessage outputMessage = new MockHttpOutputMessage();
OAuth2AuthorizationServerMetadata authorizationServerMetadata =
Reported by PMD.
Line: 44
* @author Daniel Garnier-Moiroux
*/
public class OAuth2AuthorizationServerMetadataHttpMessageConverterTests {
private final OAuth2AuthorizationServerMetadataHttpMessageConverter messageConverter = new OAuth2AuthorizationServerMetadataHttpMessageConverter();
/**
 * Confirms that the converter under test reports support for
 * {@code OAuth2AuthorizationServerMetadata}.
 */
@Test
public void supportsWhenOAuth2AuthorizationServerMetadataThenTrue() {
    // Capture the converter's answer first, then assert on it.
    boolean supported = this.messageConverter.supports(OAuth2AuthorizationServerMetadata.class);
    assertThat(supported).isTrue();
}
Reported by PMD.
Line: 48
/**
 * Confirms that the converter under test reports support for
 * {@code OAuth2AuthorizationServerMetadata}.
 */
@Test
public void supportsWhenOAuth2AuthorizationServerMetadataThenTrue() {
    // Capture the converter's answer first, then assert on it.
    boolean supported = this.messageConverter.supports(OAuth2AuthorizationServerMetadata.class);
    assertThat(supported).isTrue();
}
@Test
public void setAuthorizationServerMetadataParametersConverterWhenConverterIsNullThenThrowIllegalArgumentException() {
assertThatIllegalArgumentException().isThrownBy(() -> this.messageConverter.setAuthorizationServerMetadataParametersConverter(null));
Reported by PMD.
Line: 53
/**
 * Checks that {@code setAuthorizationServerMetadataParametersConverter(null)} on the
 * converter under test raises an {@link IllegalArgumentException}.
 */
@Test
public void setAuthorizationServerMetadataParametersConverterWhenConverterIsNullThenThrowIllegalArgumentException() {
// Only the exception type is asserted here; the exception message is not checked.
assertThatIllegalArgumentException().isThrownBy(() -> this.messageConverter.setAuthorizationServerMetadataParametersConverter(null));
}
@Test
public void setAuthorizationServerMetadataConverterWhenConverterIsNullThenThrowIllegalArgumentException() {
assertThatIllegalArgumentException().isThrownBy(() -> this.messageConverter.setAuthorizationServerMetadataConverter(null));
Reported by PMD.
Line: 58
/**
 * Checks that {@code setAuthorizationServerMetadataConverter(null)} on the converter under
 * test raises an {@link IllegalArgumentException}.
 */
@Test
public void setAuthorizationServerMetadataConverterWhenConverterIsNullThenThrowIllegalArgumentException() {
// Only the exception type is asserted here; the exception message is not checked.
assertThatIllegalArgumentException().isThrownBy(() -> this.messageConverter.setAuthorizationServerMetadataConverter(null));
}
@Test
public void readInternalWhenRequiredParametersThenSuccess() throws Exception {
// @formatter:off
Reported by PMD.
Line: 62
}
@Test
public void readInternalWhenRequiredParametersThenSuccess() throws Exception {
// @formatter:off
String authorizationServerMetadataResponse = "{\n"
+ " \"issuer\": \"https://example.com/issuer1\",\n"
+ " \"authorization_endpoint\": \"https://example.com/issuer1/oauth2/authorize\",\n"
+ " \"token_endpoint\": \"https://example.com/issuer1/oauth2/token\",\n"
Reported by PMD.
Line: 62
}
@Test
public void readInternalWhenRequiredParametersThenSuccess() throws Exception {
// @formatter:off
String authorizationServerMetadataResponse = "{\n"
+ " \"issuer\": \"https://example.com/issuer1\",\n"
+ " \"authorization_endpoint\": \"https://example.com/issuer1/oauth2/authorize\",\n"
+ " \"token_endpoint\": \"https://example.com/issuer1/oauth2/token\",\n"
Reported by PMD.
Line: 71
+ " \"response_types_supported\": [\"code\"]\n"
+ "}\n";
// @formatter:on
MockClientHttpResponse response = new MockClientHttpResponse(authorizationServerMetadataResponse.getBytes(), HttpStatus.OK);
OAuth2AuthorizationServerMetadata authorizationServerMetadata = this.messageConverter
.readInternal(OAuth2AuthorizationServerMetadata.class, response);
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(new URL("https://example.com/issuer1"));
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/authorize"));
Reported by PMD.
Line: 75
OAuth2AuthorizationServerMetadata authorizationServerMetadata = this.messageConverter
.readInternal(OAuth2AuthorizationServerMetadata.class, response);
assertThat(authorizationServerMetadata.getIssuer()).isEqualTo(new URL("https://example.com/issuer1"));
assertThat(authorizationServerMetadata.getAuthorizationEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/authorize"));
assertThat(authorizationServerMetadata.getTokenEndpoint()).isEqualTo(new URL("https://example.com/issuer1/oauth2/token"));
assertThat(authorizationServerMetadata.getTokenEndpointAuthenticationMethods()).isNull();
assertThat(authorizationServerMetadata.getJwkSetUrl()).isNull();
assertThat(authorizationServerMetadata.getResponseTypes()).containsExactly("code");
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2TokenIntrospectionTests.java
116 issues
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.HashSet;
Reported by PMD.
Line: 91
private static EmbeddedDatabase db;
private static JWKSource<SecurityContext> jwkSource;
private static ProviderSettings providerSettings;
private final HttpMessageConverter<OAuth2TokenIntrospection> tokenIntrospectionHttpResponseConverter =
new OAuth2TokenIntrospectionHttpMessageConverter();
@Rule
public final SpringTestRule spring = new SpringTestRule();
Reported by PMD.
Line: 95
new OAuth2TokenIntrospectionHttpMessageConverter();
@Rule
public final SpringTestRule spring = new SpringTestRule();
@Autowired
private MockMvc mvc;
@Autowired
Reported by PMD.
Line: 98
public final SpringTestRule spring = new SpringTestRule();
@Autowired
private MockMvc mvc;
@Autowired
private JdbcOperations jdbcOperations;
@Autowired
Reported by PMD.
Line: 101
private MockMvc mvc;
@Autowired
private JdbcOperations jdbcOperations;
@Autowired
private RegisteredClientRepository registeredClientRepository;
@Autowired
Reported by PMD.
Line: 104
private JdbcOperations jdbcOperations;
@Autowired
private RegisteredClientRepository registeredClientRepository;
@Autowired
private OAuth2AuthorizationService authorizationService;
@BeforeClass
Reported by PMD.
Line: 107
private RegisteredClientRepository registeredClientRepository;
@Autowired
private OAuth2AuthorizationService authorizationService;
@BeforeClass
public static void init() {
JWKSet jwkSet = new JWKSet(TestJwks.DEFAULT_RSA_JWK);
jwkSource = (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
Reported by PMD.
Line: 113
public static void init() {
JWKSet jwkSet = new JWKSet(TestJwks.DEFAULT_RSA_JWK);
jwkSource = (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
providerSettings = ProviderSettings.builder().tokenIntrospectionEndpoint("/test/introspect").build();
db = new EmbeddedDatabaseBuilder()
.generateUniqueName(true)
.setType(EmbeddedDatabaseType.HSQL)
.setScriptEncoding("UTF-8")
.addScript("org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql")
Reported by PMD.
Line: 113
public static void init() {
JWKSet jwkSet = new JWKSet(TestJwks.DEFAULT_RSA_JWK);
jwkSource = (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
providerSettings = ProviderSettings.builder().tokenIntrospectionEndpoint("/test/introspect").build();
db = new EmbeddedDatabaseBuilder()
.generateUniqueName(true)
.setType(EmbeddedDatabaseType.HSQL)
.setScriptEncoding("UTF-8")
.addScript("org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql")
Reported by PMD.
Line: 135
}
@Test
public void requestWhenIntrospectValidAccessTokenThenActive() throws Exception {
this.spring.register(AuthorizationServerConfiguration.class).autowire();
RegisteredClient introspectRegisteredClient = TestRegisteredClients.registeredClient2()
.clientSecret("secret-2").build();
this.registeredClientRepository.save(introspectRegisteredClient);
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenIntrospectionEndpointFilterTests.java
116 issues
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.web;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.HashSet;
Reported by PMD.
Line: 70
* @author Gerardo Roza
* @author Joe Grandja
*/
public class OAuth2TokenIntrospectionEndpointFilterTests {
private static final String DEFAULT_TOKEN_INTROSPECTION_ENDPOINT_URI = "/oauth2/introspect";
private AuthenticationManager authenticationManager;
private OAuth2TokenIntrospectionEndpointFilter filter;
private final HttpMessageConverter<OAuth2TokenIntrospection> tokenIntrospectionHttpResponseConverter =
new OAuth2TokenIntrospectionHttpMessageConverter();
Reported by PMD.
Line: 72
*/
public class OAuth2TokenIntrospectionEndpointFilterTests {
private static final String DEFAULT_TOKEN_INTROSPECTION_ENDPOINT_URI = "/oauth2/introspect";
private AuthenticationManager authenticationManager;
private OAuth2TokenIntrospectionEndpointFilter filter;
private final HttpMessageConverter<OAuth2TokenIntrospection> tokenIntrospectionHttpResponseConverter =
new OAuth2TokenIntrospectionHttpMessageConverter();
private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
new OAuth2ErrorHttpMessageConverter();
Reported by PMD.
Line: 73
public class OAuth2TokenIntrospectionEndpointFilterTests {
private static final String DEFAULT_TOKEN_INTROSPECTION_ENDPOINT_URI = "/oauth2/introspect";
private AuthenticationManager authenticationManager;
private OAuth2TokenIntrospectionEndpointFilter filter;
private final HttpMessageConverter<OAuth2TokenIntrospection> tokenIntrospectionHttpResponseConverter =
new OAuth2TokenIntrospectionHttpMessageConverter();
private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
new OAuth2ErrorHttpMessageConverter();
Reported by PMD.
Line: 74
private static final String DEFAULT_TOKEN_INTROSPECTION_ENDPOINT_URI = "/oauth2/introspect";
private AuthenticationManager authenticationManager;
private OAuth2TokenIntrospectionEndpointFilter filter;
private final HttpMessageConverter<OAuth2TokenIntrospection> tokenIntrospectionHttpResponseConverter =
new OAuth2TokenIntrospectionHttpMessageConverter();
private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
new OAuth2ErrorHttpMessageConverter();
@Before
Reported by PMD.
Line: 76
private OAuth2TokenIntrospectionEndpointFilter filter;
private final HttpMessageConverter<OAuth2TokenIntrospection> tokenIntrospectionHttpResponseConverter =
new OAuth2TokenIntrospectionHttpMessageConverter();
private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
new OAuth2ErrorHttpMessageConverter();
@Before
public void setUp() {
this.authenticationManager = mock(AuthenticationManager.class);
Reported by PMD.
Line: 92
/**
 * Verifies that constructing {@code OAuth2TokenIntrospectionEndpointFilter} with a null
 * authentication manager throws an {@code IllegalArgumentException}.
 */
@Test
public void constructorWhenAuthenticationManagerNullThenThrowIllegalArgumentException() {
// Pins both the exception type and the exact message, so a reworded guard also fails this test.
// NOTE(review): presumably the filter delegates introspection requests to this manager, so a
// filter built without one must never be installed - confirm against the filter source.
assertThatThrownBy(() -> new OAuth2TokenIntrospectionEndpointFilter(null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authenticationManager cannot be null");
}
@Test
Reported by PMD.
Line: 92
/**
 * Verifies that constructing {@code OAuth2TokenIntrospectionEndpointFilter} with a null
 * authentication manager throws an {@code IllegalArgumentException}.
 */
@Test
public void constructorWhenAuthenticationManagerNullThenThrowIllegalArgumentException() {
// Pins both the exception type and the exact message, so a reworded guard also fails this test.
// NOTE(review): presumably the filter delegates introspection requests to this manager, so a
// filter built without one must never be installed - confirm against the filter source.
assertThatThrownBy(() -> new OAuth2TokenIntrospectionEndpointFilter(null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("authenticationManager cannot be null");
}
@Test
Reported by PMD.
Line: 99
/**
 * Verifies that the two-argument {@code OAuth2TokenIntrospectionEndpointFilter} constructor
 * rejects a null endpoint URI with an {@code IllegalArgumentException}.
 */
@Test
public void constructorWhenTokenIntrospectionEndpointUriNullThenThrowIllegalArgumentException() {
// A valid (mocked) authentication manager is passed, so only the URI argument can trigger the failure.
// The expected message says "cannot be empty" although the input here is null; this excerpt
// does not exercise an empty or blank string, so that case is not covered by this test.
assertThatThrownBy(() -> new OAuth2TokenIntrospectionEndpointFilter(this.authenticationManager, null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("tokenIntrospectionEndpointUri cannot be empty");
}
@Test
Reported by PMD.
Line: 99
/**
 * Verifies that the two-argument {@code OAuth2TokenIntrospectionEndpointFilter} constructor
 * rejects a null endpoint URI with an {@code IllegalArgumentException}.
 */
@Test
public void constructorWhenTokenIntrospectionEndpointUriNullThenThrowIllegalArgumentException() {
// A valid (mocked) authentication manager is passed, so only the URI argument can trigger the failure.
// The expected message says "cannot be empty" although the input here is null; this excerpt
// does not exercise an empty or blank string, so that case is not covered by this test.
assertThatThrownBy(() -> new OAuth2TokenIntrospectionEndpointFilter(this.authenticationManager, null))
.isInstanceOf(IllegalArgumentException.class)
.hasMessage("tokenIntrospectionEndpointUri cannot be empty");
}
@Test
Reported by PMD.