* See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.springframework.security.oauth2.server.authorization;

import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Types;
import java.util.List;

            

Reported by PMD.

               *
 * @author Ovidiu Popa
 */
public class JdbcOAuth2AuthorizationConsentServiceTests {
	private static final String OAUTH2_AUTHORIZATION_CONSENT_SCHEMA_SQL_RESOURCE = "org/springframework/security/oauth2/server/authorization/oauth2-authorization-consent-schema.sql";
	private static final String CUSTOM_OAUTH2_AUTHORIZATION_CONSENT_SCHEMA_SQL_RESOURCE = "org/springframework/security/oauth2/server/authorization/custom-oauth2-authorization-consent-schema.sql";
	private static final String PRINCIPAL_NAME = "principal-name";
	private static final RegisteredClient REGISTERED_CLIENT = TestRegisteredClients.registeredClient().build();


            

Reported by PMD.

              					.authority(new SimpleGrantedAuthority("authority-b"))
					.build();

	private EmbeddedDatabase db;
	private JdbcOperations jdbcOperations;
	private RegisteredClientRepository registeredClientRepository;
	private JdbcOAuth2AuthorizationConsentService authorizationConsentService;

	@Before

            

Reported by PMD.

              					.build();

	private EmbeddedDatabase db;
	private JdbcOperations jdbcOperations;
	private RegisteredClientRepository registeredClientRepository;
	private JdbcOAuth2AuthorizationConsentService authorizationConsentService;

	@Before
	public void setUp() {

            

Reported by PMD.

              
	private EmbeddedDatabase db;
	private JdbcOperations jdbcOperations;
	private RegisteredClientRepository registeredClientRepository;
	private JdbcOAuth2AuthorizationConsentService authorizationConsentService;

	@Before
	public void setUp() {
		this.db = createDb();

            

Reported by PMD.

              	private EmbeddedDatabase db;
	private JdbcOperations jdbcOperations;
	private RegisteredClientRepository registeredClientRepository;
	private JdbcOAuth2AuthorizationConsentService authorizationConsentService;

	@Before
	public void setUp() {
		this.db = createDb();
		this.jdbcOperations = new JdbcTemplate(this.db);

            

Reported by PMD.

              	@Test
	public void constructorWhenJdbcOperationsIsNullThenThrowIllegalArgumentException() {
		// @formatter:off
		assertThatThrownBy(() -> new JdbcOAuth2AuthorizationConsentService(null, this.registeredClientRepository))
				.isInstanceOf(IllegalArgumentException.class)
				.hasMessage("jdbcOperations cannot be null");
		// @formatter:on
	}


            

Reported by PMD.

              	@Test
	public void constructorWhenJdbcOperationsIsNullThenThrowIllegalArgumentException() {
		// @formatter:off
		assertThatThrownBy(() -> new JdbcOAuth2AuthorizationConsentService(null, this.registeredClientRepository))
				.isInstanceOf(IllegalArgumentException.class)
				.hasMessage("jdbcOperations cannot be null");
		// @formatter:on
	}


            

Reported by PMD.

              	@Test
	public void constructorWhenRegisteredClientRepositoryIsNullThenThrowIllegalArgumentException() {
		// @formatter:off
		assertThatThrownBy(() -> new JdbcOAuth2AuthorizationConsentService(this.jdbcOperations, null))
				.isInstanceOf(IllegalArgumentException.class)
				.hasMessage("registeredClientRepository cannot be null");
		// @formatter:on
	}


            

Reported by PMD.

              	@Test
	public void constructorWhenRegisteredClientRepositoryIsNullThenThrowIllegalArgumentException() {
		// @formatter:off
		assertThatThrownBy(() -> new JdbcOAuth2AuthorizationConsentService(this.jdbcOperations, null))
				.isInstanceOf(IllegalArgumentException.class)
				.hasMessage("registeredClientRepository cannot be null");
		// @formatter:on
	}


            

Reported by PMD.

              public class TokenSettingsTests {

	@Test
	public void buildWhenDefaultThenDefaultsAreSet() {
		TokenSettings tokenSettings = TokenSettings.builder().build();
		assertThat(tokenSettings.getSettings()).hasSize(4);
		assertThat(tokenSettings.getAccessTokenTimeToLive()).isEqualTo(Duration.ofMinutes(5));
		assertThat(tokenSettings.isReuseRefreshTokens()).isTrue();
		assertThat(tokenSettings.getRefreshTokenTimeToLive()).isEqualTo(Duration.ofMinutes(60));

            

Reported by PMD.

              
	@Test
	public void buildWhenDefaultThenDefaultsAreSet() {
		TokenSettings tokenSettings = TokenSettings.builder().build();
		assertThat(tokenSettings.getSettings()).hasSize(4);
		assertThat(tokenSettings.getAccessTokenTimeToLive()).isEqualTo(Duration.ofMinutes(5));
		assertThat(tokenSettings.isReuseRefreshTokens()).isTrue();
		assertThat(tokenSettings.getRefreshTokenTimeToLive()).isEqualTo(Duration.ofMinutes(60));
		assertThat(tokenSettings.getIdTokenSignatureAlgorithm()).isEqualTo(SignatureAlgorithm.RS256);

            

Reported by PMD.

              	@Test
	public void buildWhenDefaultThenDefaultsAreSet() {
		TokenSettings tokenSettings = TokenSettings.builder().build();
		assertThat(tokenSettings.getSettings()).hasSize(4);
		assertThat(tokenSettings.getAccessTokenTimeToLive()).isEqualTo(Duration.ofMinutes(5));
		assertThat(tokenSettings.isReuseRefreshTokens()).isTrue();
		assertThat(tokenSettings.getRefreshTokenTimeToLive()).isEqualTo(Duration.ofMinutes(60));
		assertThat(tokenSettings.getIdTokenSignatureAlgorithm()).isEqualTo(SignatureAlgorithm.RS256);
	}

            

Reported by PMD.

              	@Test
	public void buildWhenDefaultThenDefaultsAreSet() {
		TokenSettings tokenSettings = TokenSettings.builder().build();
		assertThat(tokenSettings.getSettings()).hasSize(4);
		assertThat(tokenSettings.getAccessTokenTimeToLive()).isEqualTo(Duration.ofMinutes(5));
		assertThat(tokenSettings.isReuseRefreshTokens()).isTrue();
		assertThat(tokenSettings.getRefreshTokenTimeToLive()).isEqualTo(Duration.ofMinutes(60));
		assertThat(tokenSettings.getIdTokenSignatureAlgorithm()).isEqualTo(SignatureAlgorithm.RS256);
	}

            

Reported by PMD.

              	public void buildWhenDefaultThenDefaultsAreSet() {
		TokenSettings tokenSettings = TokenSettings.builder().build();
		assertThat(tokenSettings.getSettings()).hasSize(4);
		assertThat(tokenSettings.getAccessTokenTimeToLive()).isEqualTo(Duration.ofMinutes(5));
		assertThat(tokenSettings.isReuseRefreshTokens()).isTrue();
		assertThat(tokenSettings.getRefreshTokenTimeToLive()).isEqualTo(Duration.ofMinutes(60));
		assertThat(tokenSettings.getIdTokenSignatureAlgorithm()).isEqualTo(SignatureAlgorithm.RS256);
	}


            

Reported by PMD.

              	public void buildWhenDefaultThenDefaultsAreSet() {
		TokenSettings tokenSettings = TokenSettings.builder().build();
		assertThat(tokenSettings.getSettings()).hasSize(4);
		assertThat(tokenSettings.getAccessTokenTimeToLive()).isEqualTo(Duration.ofMinutes(5));
		assertThat(tokenSettings.isReuseRefreshTokens()).isTrue();
		assertThat(tokenSettings.getRefreshTokenTimeToLive()).isEqualTo(Duration.ofMinutes(60));
		assertThat(tokenSettings.getIdTokenSignatureAlgorithm()).isEqualTo(SignatureAlgorithm.RS256);
	}


            

Reported by PMD.

              		TokenSettings tokenSettings = TokenSettings.builder().build();
		assertThat(tokenSettings.getSettings()).hasSize(4);
		assertThat(tokenSettings.getAccessTokenTimeToLive()).isEqualTo(Duration.ofMinutes(5));
		assertThat(tokenSettings.isReuseRefreshTokens()).isTrue();
		assertThat(tokenSettings.getRefreshTokenTimeToLive()).isEqualTo(Duration.ofMinutes(60));
		assertThat(tokenSettings.getIdTokenSignatureAlgorithm()).isEqualTo(SignatureAlgorithm.RS256);
	}

	@Test

            

Reported by PMD.

              		TokenSettings tokenSettings = TokenSettings.builder().build();
		assertThat(tokenSettings.getSettings()).hasSize(4);
		assertThat(tokenSettings.getAccessTokenTimeToLive()).isEqualTo(Duration.ofMinutes(5));
		assertThat(tokenSettings.isReuseRefreshTokens()).isTrue();
		assertThat(tokenSettings.getRefreshTokenTimeToLive()).isEqualTo(Duration.ofMinutes(60));
		assertThat(tokenSettings.getIdTokenSignatureAlgorithm()).isEqualTo(SignatureAlgorithm.RS256);
	}

	@Test

            

Reported by PMD.

              		assertThat(tokenSettings.getSettings()).hasSize(4);
		assertThat(tokenSettings.getAccessTokenTimeToLive()).isEqualTo(Duration.ofMinutes(5));
		assertThat(tokenSettings.isReuseRefreshTokens()).isTrue();
		assertThat(tokenSettings.getRefreshTokenTimeToLive()).isEqualTo(Duration.ofMinutes(60));
		assertThat(tokenSettings.getIdTokenSignatureAlgorithm()).isEqualTo(SignatureAlgorithm.RS256);
	}

	@Test
	public void accessTokenTimeToLiveWhenProvidedThenSet() {

            

Reported by PMD.

              		assertThat(tokenSettings.getSettings()).hasSize(4);
		assertThat(tokenSettings.getAccessTokenTimeToLive()).isEqualTo(Duration.ofMinutes(5));
		assertThat(tokenSettings.isReuseRefreshTokens()).isTrue();
		assertThat(tokenSettings.getRefreshTokenTimeToLive()).isEqualTo(Duration.ofMinutes(60));
		assertThat(tokenSettings.getIdTokenSignatureAlgorithm()).isEqualTo(SignatureAlgorithm.RS256);
	}

	@Test
	public void accessTokenTimeToLiveWhenProvidedThenSet() {

            

Reported by PMD.

              		return parameters;
	}

	private static String encodeBasicAuth(String clientId, String secret) throws Exception {
		clientId = URLEncoder.encode(clientId, StandardCharsets.UTF_8.name());
		secret = URLEncoder.encode(secret, StandardCharsets.UTF_8.name());
		String credentialsString = clientId + ":" + secret;
		byte[] encodedBytes = Base64.getEncoder().encode(credentialsString.getBytes(StandardCharsets.UTF_8));
		return new String(encodedBytes, StandardCharsets.UTF_8);

            

Reported by PMD.

              		return parameters;
	}

	private static String encodeBasicAuth(String clientId, String secret) throws Exception {
		clientId = URLEncoder.encode(clientId, StandardCharsets.UTF_8.name());
		secret = URLEncoder.encode(secret, StandardCharsets.UTF_8.name());
		String credentialsString = clientId + ":" + secret;
		byte[] encodedBytes = Base64.getEncoder().encode(credentialsString.getBytes(StandardCharsets.UTF_8));
		return new String(encodedBytes, StandardCharsets.UTF_8);

            

Reported by PMD.

               * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization;

import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;


            

Reported by PMD.

              	private static ProviderSettings providerSettings;

	@Rule
	public final SpringTestRule spring = new SpringTestRule();

	@Autowired
	private MockMvc mvc;

	@Autowired

            

Reported by PMD.

              	public final SpringTestRule spring = new SpringTestRule();

	@Autowired
	private MockMvc mvc;

	@Autowired
	private JdbcOperations jdbcOperations;

	@Autowired

            

Reported by PMD.

              	private MockMvc mvc;

	@Autowired
	private JdbcOperations jdbcOperations;

	@Autowired
	private RegisteredClientRepository registeredClientRepository;

	@Autowired

            

Reported by PMD.

              	private JdbcOperations jdbcOperations;

	@Autowired
	private RegisteredClientRepository registeredClientRepository;

	@Autowired
	private OAuth2AuthorizationService authorizationService;

	@BeforeClass

            

Reported by PMD.

              	private RegisteredClientRepository registeredClientRepository;

	@Autowired
	private OAuth2AuthorizationService authorizationService;

	@BeforeClass
	public static void init() {
		JWKSet jwkSet = new JWKSet(TestJwks.DEFAULT_RSA_JWK);
		jwkSource = (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);

            

Reported by PMD.

              	public static void init() {
		JWKSet jwkSet = new JWKSet(TestJwks.DEFAULT_RSA_JWK);
		jwkSource = (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
		providerSettings = ProviderSettings.builder().tokenRevocationEndpoint("/test/revoke").build();
		db = new EmbeddedDatabaseBuilder()
				.generateUniqueName(true)
				.setType(EmbeddedDatabaseType.HSQL)
				.setScriptEncoding("UTF-8")
				.addScript("org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql")

            

Reported by PMD.

              	public static void init() {
		JWKSet jwkSet = new JWKSet(TestJwks.DEFAULT_RSA_JWK);
		jwkSource = (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
		providerSettings = ProviderSettings.builder().tokenRevocationEndpoint("/test/revoke").build();
		db = new EmbeddedDatabaseBuilder()
				.generateUniqueName(true)
				.setType(EmbeddedDatabaseType.HSQL)
				.setScriptEncoding("UTF-8")
				.addScript("org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql")

            

Reported by PMD.

              						entry(PkceParameterNames.CODE_VERIFIER, "code-verifier-1"));
	}

	private static String encodeBasicAuth(String clientId, String secret) throws Exception {
		clientId = URLEncoder.encode(clientId, StandardCharsets.UTF_8.name());
		secret = URLEncoder.encode(secret, StandardCharsets.UTF_8.name());
		String credentialsString = clientId + ":" + secret;
		byte[] encodedBytes = Base64.getEncoder().encode(credentialsString.getBytes(StandardCharsets.UTF_8));
		return new String(encodedBytes, StandardCharsets.UTF_8);

            

Reported by PMD.

              						entry(PkceParameterNames.CODE_VERIFIER, "code-verifier-1"));
	}

	private static String encodeBasicAuth(String clientId, String secret) throws Exception {
		clientId = URLEncoder.encode(clientId, StandardCharsets.UTF_8.name());
		secret = URLEncoder.encode(secret, StandardCharsets.UTF_8.name());
		String credentialsString = clientId + ":" + secret;
		byte[] encodedBytes = Base64.getEncoder().encode(credentialsString.getBytes(StandardCharsets.UTF_8));
		return new String(encodedBytes, StandardCharsets.UTF_8);

            

Reported by PMD.

               * @author Joe Grandja
 */
public class ClientSecretBasicAuthenticationConverterTests {
	private ClientSecretBasicAuthenticationConverter converter = new ClientSecretBasicAuthenticationConverter();

	@Test
	public void convertWhenAuthorizationHeaderEmptyThenReturnNull() {
		MockHttpServletRequest request = new MockHttpServletRequest();
		Authentication authentication = this.converter.convert(request);

            

Reported by PMD.

               * @author Joe Grandja
 */
public class ClientSecretBasicAuthenticationConverterTests {
	private ClientSecretBasicAuthenticationConverter converter = new ClientSecretBasicAuthenticationConverter();

	@Test
	public void convertWhenAuthorizationHeaderEmptyThenReturnNull() {
		MockHttpServletRequest request = new MockHttpServletRequest();
		Authentication authentication = this.converter.convert(request);

            

Reported by PMD.

              	public void convertWhenAuthorizationHeaderEmptyThenReturnNull() {
		MockHttpServletRequest request = new MockHttpServletRequest();
		Authentication authentication = this.converter.convert(request);
		assertThat(authentication).isNull();
	}

	@Test
	public void convertWhenAuthorizationHeaderNotBasicThenReturnNull() {
		MockHttpServletRequest request = new MockHttpServletRequest();

            

Reported by PMD.

              		MockHttpServletRequest request = new MockHttpServletRequest();
		request.addHeader(HttpHeaders.AUTHORIZATION, "Bearer token");
		Authentication authentication = this.converter.convert(request);
		assertThat(authentication).isNull();
	}

	@Test
	public void convertWhenAuthorizationHeaderBasicWithMissingCredentialsThenThrowOAuth2AuthenticationException() {
		MockHttpServletRequest request = new MockHttpServletRequest();

            

Reported by PMD.

              	@Test
	public void convertWhenAuthorizationHeaderBasicWithMissingCredentialsThenThrowOAuth2AuthenticationException() {
		MockHttpServletRequest request = new MockHttpServletRequest();
		request.addHeader(HttpHeaders.AUTHORIZATION, "Basic ");
		assertThatThrownBy(() -> this.converter.convert(request))
				.isInstanceOf(OAuth2AuthenticationException.class)
				.extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
				.extracting("errorCode")
				.isEqualTo(OAuth2ErrorCodes.INVALID_REQUEST);

            

Reported by PMD.

              	public void convertWhenAuthorizationHeaderBasicWithMissingCredentialsThenThrowOAuth2AuthenticationException() {
		MockHttpServletRequest request = new MockHttpServletRequest();
		request.addHeader(HttpHeaders.AUTHORIZATION, "Basic ");
		assertThatThrownBy(() -> this.converter.convert(request))
				.isInstanceOf(OAuth2AuthenticationException.class)
				.extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
				.extracting("errorCode")
				.isEqualTo(OAuth2ErrorCodes.INVALID_REQUEST);
	}

            

Reported by PMD.

              	public void convertWhenAuthorizationHeaderBasicWithMissingCredentialsThenThrowOAuth2AuthenticationException() {
		MockHttpServletRequest request = new MockHttpServletRequest();
		request.addHeader(HttpHeaders.AUTHORIZATION, "Basic ");
		assertThatThrownBy(() -> this.converter.convert(request))
				.isInstanceOf(OAuth2AuthenticationException.class)
				.extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
				.extracting("errorCode")
				.isEqualTo(OAuth2ErrorCodes.INVALID_REQUEST);
	}

            

Reported by PMD.

              	public void convertWhenAuthorizationHeaderBasicWithMissingCredentialsThenThrowOAuth2AuthenticationException() {
		MockHttpServletRequest request = new MockHttpServletRequest();
		request.addHeader(HttpHeaders.AUTHORIZATION, "Basic ");
		assertThatThrownBy(() -> this.converter.convert(request))
				.isInstanceOf(OAuth2AuthenticationException.class)
				.extracting(ex -> ((OAuth2AuthenticationException) ex).getError())
				.extracting("errorCode")
				.isEqualTo(OAuth2ErrorCodes.INVALID_REQUEST);
	}

            

Reported by PMD.

               * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.springframework.security.oauth2.server.authorization.oidc.authentication;

import java.net.URI;
import java.net.URISyntaxException;
import java.time.Instant;
import java.util.Base64;

            

Reported by PMD.

              	private static final StringKeyGenerator CLIENT_SECRET_GENERATOR = new Base64StringKeyGenerator(
			Base64.getUrlEncoder().withoutPadding(), 48);
	private static final String DEFAULT_AUTHORIZED_SCOPE = "client.create";
	private final RegisteredClientRepository registeredClientRepository;
	private final OAuth2AuthorizationService authorizationService;

	/**
	 * Constructs an {@code OidcClientRegistrationAuthenticationProvider} using the provided parameters.
	 *

            

Reported by PMD.

              			Base64.getUrlEncoder().withoutPadding(), 48);
	private static final String DEFAULT_AUTHORIZED_SCOPE = "client.create";
	private final RegisteredClientRepository registeredClientRepository;
	private final OAuth2AuthorizationService authorizationService;

	/**
	 * Constructs an {@code OidcClientRegistrationAuthenticationProvider} using the provided parameters.
	 *
	 * @param registeredClientRepository the repository of registered clients

            

Reported by PMD.

              	}

	@Override
	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
		OidcClientRegistrationAuthenticationToken clientRegistrationAuthentication =
				(OidcClientRegistrationAuthenticationToken) authentication;

		// Validate the "initial" access token
		AbstractOAuth2TokenAuthenticationToken<?> accessTokenAuthentication = null;

            

Reported by PMD.

              
		// Validate the "initial" access token
		AbstractOAuth2TokenAuthenticationToken<?> accessTokenAuthentication = null;
		if (AbstractOAuth2TokenAuthenticationToken.class.isAssignableFrom(clientRegistrationAuthentication.getPrincipal().getClass())) {
			accessTokenAuthentication = (AbstractOAuth2TokenAuthenticationToken<?>) clientRegistrationAuthentication.getPrincipal();
		}
		if (accessTokenAuthentication == null || !accessTokenAuthentication.isAuthenticated()) {
			throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_TOKEN);
		}

            

Reported by PMD.

              
		// Validate the "initial" access token
		AbstractOAuth2TokenAuthenticationToken<?> accessTokenAuthentication = null;
		if (AbstractOAuth2TokenAuthenticationToken.class.isAssignableFrom(clientRegistrationAuthentication.getPrincipal().getClass())) {
			accessTokenAuthentication = (AbstractOAuth2TokenAuthenticationToken<?>) clientRegistrationAuthentication.getPrincipal();
		}
		if (accessTokenAuthentication == null || !accessTokenAuthentication.isAuthenticated()) {
			throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_TOKEN);
		}

            

Reported by PMD.

              		if (AbstractOAuth2TokenAuthenticationToken.class.isAssignableFrom(clientRegistrationAuthentication.getPrincipal().getClass())) {
			accessTokenAuthentication = (AbstractOAuth2TokenAuthenticationToken<?>) clientRegistrationAuthentication.getPrincipal();
		}
		if (accessTokenAuthentication == null || !accessTokenAuthentication.isAuthenticated()) {
			throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_TOKEN);
		}

		String accessTokenValue = accessTokenAuthentication.getToken().getTokenValue();


            

Reported by PMD.

              			throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_TOKEN);
		}

		String accessTokenValue = accessTokenAuthentication.getToken().getTokenValue();

		OAuth2Authorization authorization = this.authorizationService.findByToken(
				accessTokenValue, OAuth2TokenType.ACCESS_TOKEN);
		if (authorization == null) {
			throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_TOKEN);

            

Reported by PMD.

              			throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_TOKEN);
		}

		String accessTokenValue = accessTokenAuthentication.getToken().getTokenValue();

		OAuth2Authorization authorization = this.authorizationService.findByToken(
				accessTokenValue, OAuth2TokenType.ACCESS_TOKEN);
		if (authorization == null) {
			throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_TOKEN);

            

Reported by PMD.

              			throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_TOKEN);
		}

		OAuth2Authorization.Token<OAuth2AccessToken> authorizedAccessToken = authorization.getAccessToken();
		if (!authorizedAccessToken.isActive()) {
			throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_TOKEN);
		}

		if (!isAuthorized(authorizedAccessToken)) {

            

Reported by PMD.

               * @author Ovidiu Popa
 * @author Joe Grandja
 */
public class InMemoryRegisteredClientRepositoryTests {
	private RegisteredClient registration = TestRegisteredClients.registeredClient().build();

	private InMemoryRegisteredClientRepository clients = new InMemoryRegisteredClientRepository(this.registration);

	@Test

            

Reported by PMD.

               * @author Joe Grandja
 */
public class InMemoryRegisteredClientRepositoryTests {
	private RegisteredClient registration = TestRegisteredClients.registeredClient().build();

	private InMemoryRegisteredClientRepository clients = new InMemoryRegisteredClientRepository(this.registration);

	@Test
	public void constructorVarargsRegisteredClientWhenNullThenThrowIllegalArgumentException() {

            

Reported by PMD.

               * @author Joe Grandja
 */
public class InMemoryRegisteredClientRepositoryTests {
	private RegisteredClient registration = TestRegisteredClients.registeredClient().build();

	private InMemoryRegisteredClientRepository clients = new InMemoryRegisteredClientRepository(this.registration);

	@Test
	public void constructorVarargsRegisteredClientWhenNullThenThrowIllegalArgumentException() {

            

Reported by PMD.

              public class InMemoryRegisteredClientRepositoryTests {
	private RegisteredClient registration = TestRegisteredClients.registeredClient().build();

	private InMemoryRegisteredClientRepository clients = new InMemoryRegisteredClientRepository(this.registration);

	@Test
	public void constructorVarargsRegisteredClientWhenNullThenThrowIllegalArgumentException() {
		assertThatIllegalArgumentException()
				.isThrownBy(() -> {

            

Reported by PMD.

              public class InMemoryRegisteredClientRepositoryTests {
	private RegisteredClient registration = TestRegisteredClients.registeredClient().build();

	private InMemoryRegisteredClientRepository clients = new InMemoryRegisteredClientRepository(this.registration);

	@Test
	public void constructorVarargsRegisteredClientWhenNullThenThrowIllegalArgumentException() {
		assertThatIllegalArgumentException()
				.isThrownBy(() -> {

            

Reported by PMD.

              
	@Test
	public void constructorVarargsRegisteredClientWhenNullThenThrowIllegalArgumentException() {
		assertThatIllegalArgumentException()
				.isThrownBy(() -> {
					RegisteredClient registration = null;
					new InMemoryRegisteredClientRepository(registration);
				})
				.withMessageContaining("registration cannot be null");

            

Reported by PMD.

              
	@Test
	public void constructorVarargsRegisteredClientWhenNullThenThrowIllegalArgumentException() {
		assertThatIllegalArgumentException()
				.isThrownBy(() -> {
					RegisteredClient registration = null;
					new InMemoryRegisteredClientRepository(registration);
				})
				.withMessageContaining("registration cannot be null");

            

Reported by PMD.

              
	@Test
	public void constructorListRegisteredClientWhenNullThenThrowIllegalArgumentException() {
		assertThatIllegalArgumentException()
				.isThrownBy(() -> {
					List<RegisteredClient> registrations = null;
					new InMemoryRegisteredClientRepository(registrations);
				})
				.withMessageContaining("registrations cannot be empty");

            

Reported by PMD.

              
	@Test
	public void constructorListRegisteredClientWhenNullThenThrowIllegalArgumentException() {
		assertThatIllegalArgumentException()
				.isThrownBy(() -> {
					List<RegisteredClient> registrations = null;
					new InMemoryRegisteredClientRepository(registrations);
				})
				.withMessageContaining("registrations cannot be empty");

            

Reported by PMD.

              
	@Test
	public void constructorListRegisteredClientWhenEmptyThenThrowIllegalArgumentException() {
		assertThatIllegalArgumentException()
				.isThrownBy(() -> {
					List<RegisteredClient> registrations = Collections.emptyList();
					new InMemoryRegisteredClientRepository(registrations);
				})
				.withMessageContaining("registrations cannot be empty");

            

Reported by PMD.

              	/**
	 * A builder for subclasses of {@link AbstractOAuth2AuthorizationServerMetadata}.
	 */
	protected static abstract class AbstractBuilder<T extends AbstractOAuth2AuthorizationServerMetadata, B extends AbstractBuilder<T, B>> {
		private final Map<String, Object> claims = new LinkedHashMap<>();

		protected AbstractBuilder() {
		}


            

Reported by PMD.

              	/**
	 * A builder for subclasses of {@link AbstractOAuth2AuthorizationServerMetadata}.
	 */
	protected static abstract class AbstractBuilder<T extends AbstractOAuth2AuthorizationServerMetadata, B extends AbstractBuilder<T, B>> {
		private final Map<String, Object> claims = new LinkedHashMap<>();

		protected AbstractBuilder() {
		}


            

Reported by PMD.

              	/**
	 * A builder for subclasses of {@link AbstractOAuth2AuthorizationServerMetadata}.
	 */
	protected static abstract class AbstractBuilder<T extends AbstractOAuth2AuthorizationServerMetadata, B extends AbstractBuilder<T, B>> {
		private final Map<String, Object> claims = new LinkedHashMap<>();

		protected AbstractBuilder() {
		}


            

Reported by PMD.

              	 * A builder for subclasses of {@link AbstractOAuth2AuthorizationServerMetadata}.
	 */
	protected static abstract class AbstractBuilder<T extends AbstractOAuth2AuthorizationServerMetadata, B extends AbstractBuilder<T, B>> {
		private final Map<String, Object> claims = new LinkedHashMap<>();

		protected AbstractBuilder() {
		}

		protected Map<String, Object> getClaims() {

            

Reported by PMD.

              		 */
		public abstract T build();

		protected void validate() {
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.ISSUER), "issuer cannot be null");
			validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.ISSUER), "issuer must be a valid URL");
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT), "authorizationEndpoint cannot be null");
			validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT), "authorizationEndpoint must be a valid URL");
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT), "tokenEndpoint cannot be null");

            

Reported by PMD.

              		 */
		public abstract T build();

		protected void validate() {
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.ISSUER), "issuer cannot be null");
			validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.ISSUER), "issuer must be a valid URL");
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT), "authorizationEndpoint cannot be null");
			validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT), "authorizationEndpoint must be a valid URL");
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT), "tokenEndpoint cannot be null");

            

Reported by PMD.

              		 */
		public abstract T build();

		protected void validate() {
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.ISSUER), "issuer cannot be null");
			validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.ISSUER), "issuer must be a valid URL");
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT), "authorizationEndpoint cannot be null");
			validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT), "authorizationEndpoint must be a valid URL");
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT), "tokenEndpoint cannot be null");

            

Reported by PMD.

              		 */
		public abstract T build();

		protected void validate() {
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.ISSUER), "issuer cannot be null");
			validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.ISSUER), "issuer must be a valid URL");
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT), "authorizationEndpoint cannot be null");
			validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT), "authorizationEndpoint must be a valid URL");
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT), "tokenEndpoint cannot be null");

            

Reported by PMD.

              		public abstract T build();

		protected void validate() {
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.ISSUER), "issuer cannot be null");
			validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.ISSUER), "issuer must be a valid URL");
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT), "authorizationEndpoint cannot be null");
			validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT), "authorizationEndpoint must be a valid URL");
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT), "tokenEndpoint cannot be null");
			validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT), "tokenEndpoint must be a valid URL");

            

Reported by PMD.

              
		protected void validate() {
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.ISSUER), "issuer cannot be null");
			validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.ISSUER), "issuer must be a valid URL");
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT), "authorizationEndpoint cannot be null");
			validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.AUTHORIZATION_ENDPOINT), "authorizationEndpoint must be a valid URL");
			Assert.notNull(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT), "tokenEndpoint cannot be null");
			validateURL(getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT), "tokenEndpoint must be a valid URL");
			if (getClaims().get(OAuth2AuthorizationServerMetadataClaimNames.TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED) != null) {

            

Reported by PMD.

               * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-2">Section 2 Client Registration</a>
 * @since 0.0.1
 */
public class RegisteredClient implements Serializable {
	private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
	private String id;
	private String clientId;
	private Instant clientIdIssuedAt;
	private String clientSecret;

            

Reported by PMD.

               */
public class RegisteredClient implements Serializable {
	private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
	private String id;
	private String clientId;
	private Instant clientIdIssuedAt;
	private String clientSecret;
	private Instant clientSecretExpiresAt;
	private String clientName;

            

Reported by PMD.

              public class RegisteredClient implements Serializable {
	private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
	private String id;
	private String clientId;
	private Instant clientIdIssuedAt;
	private String clientSecret;
	private Instant clientSecretExpiresAt;
	private String clientName;
	private Set<ClientAuthenticationMethod> clientAuthenticationMethods;

            

Reported by PMD.

              	private static final long serialVersionUID = Version.SERIAL_VERSION_UID;
	private String id;
	private String clientId;
	private Instant clientIdIssuedAt;
	private String clientSecret;
	private Instant clientSecretExpiresAt;
	private String clientName;
	private Set<ClientAuthenticationMethod> clientAuthenticationMethods;
	private Set<AuthorizationGrantType> authorizationGrantTypes;

            

Reported by PMD.

              	private String id;
	private String clientId;
	private Instant clientIdIssuedAt;
	private String clientSecret;
	private Instant clientSecretExpiresAt;
	private String clientName;
	private Set<ClientAuthenticationMethod> clientAuthenticationMethods;
	private Set<AuthorizationGrantType> authorizationGrantTypes;
	private Set<String> redirectUris;

            

Reported by PMD.

              	private String clientId;
	private Instant clientIdIssuedAt;
	private String clientSecret;
	private Instant clientSecretExpiresAt;
	private String clientName;
	private Set<ClientAuthenticationMethod> clientAuthenticationMethods;
	private Set<AuthorizationGrantType> authorizationGrantTypes;
	private Set<String> redirectUris;
	private Set<String> scopes;

            

Reported by PMD.

              	private Instant clientIdIssuedAt;
	private String clientSecret;
	private Instant clientSecretExpiresAt;
	private String clientName;
	private Set<ClientAuthenticationMethod> clientAuthenticationMethods;
	private Set<AuthorizationGrantType> authorizationGrantTypes;
	private Set<String> redirectUris;
	private Set<String> scopes;
	private ClientSettings clientSettings;

            

Reported by PMD.

              	private String clientSecret;
	private Instant clientSecretExpiresAt;
	private String clientName;
	private Set<ClientAuthenticationMethod> clientAuthenticationMethods;
	private Set<AuthorizationGrantType> authorizationGrantTypes;
	private Set<String> redirectUris;
	private Set<String> scopes;
	private ClientSettings clientSettings;
	private TokenSettings tokenSettings;

            

Reported by PMD.

              	private Instant clientSecretExpiresAt;
	private String clientName;
	private Set<ClientAuthenticationMethod> clientAuthenticationMethods;
	private Set<AuthorizationGrantType> authorizationGrantTypes;
	private Set<String> redirectUris;
	private Set<String> scopes;
	private ClientSettings clientSettings;
	private TokenSettings tokenSettings;


            

Reported by PMD.

              	private String clientName;
	private Set<ClientAuthenticationMethod> clientAuthenticationMethods;
	private Set<AuthorizationGrantType> authorizationGrantTypes;
	private Set<String> redirectUris;
	private Set<String> scopes;
	private ClientSettings clientSettings;
	private TokenSettings tokenSettings;

	protected RegisteredClient() {

            

Reported by PMD.

              
	@Test
	public void withWhenHeadersNullThenThrowIllegalArgumentException() {
		assertThatThrownBy(() -> JwtEncodingContext.with(null, TestJwtClaimsSets.jwtClaimsSet()))
				.isInstanceOf(IllegalArgumentException.class)
				.hasMessage("headersBuilder cannot be null");
	}

	@Test

            

Reported by PMD.

              
	@Test
	public void withWhenHeadersNullThenThrowIllegalArgumentException() {
		assertThatThrownBy(() -> JwtEncodingContext.with(null, TestJwtClaimsSets.jwtClaimsSet()))
				.isInstanceOf(IllegalArgumentException.class)
				.hasMessage("headersBuilder cannot be null");
	}

	@Test

            

Reported by PMD.

              
	@Test
	public void withWhenClaimsNullThenThrowIllegalArgumentException() {
		assertThatThrownBy(() -> JwtEncodingContext.with(TestJoseHeaders.joseHeader(), null))
				.isInstanceOf(IllegalArgumentException.class)
				.hasMessage("claimsBuilder cannot be null");
	}

	@Test

            

Reported by PMD.

              
	@Test
	public void withWhenClaimsNullThenThrowIllegalArgumentException() {
		assertThatThrownBy(() -> JwtEncodingContext.with(TestJoseHeaders.joseHeader(), null))
				.isInstanceOf(IllegalArgumentException.class)
				.hasMessage("claimsBuilder cannot be null");
	}

	@Test

            

Reported by PMD.

              	}

	@Test
	public void setWhenValueNullThenThrowIllegalArgumentException() {
		JwtEncodingContext.Builder builder = JwtEncodingContext
				.with(TestJoseHeaders.joseHeader(), TestJwtClaimsSets.jwtClaimsSet());
		assertThatThrownBy(() -> builder.registeredClient(null))
				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.principal(null))

            

Reported by PMD.

              	public void setWhenValueNullThenThrowIllegalArgumentException() {
		JwtEncodingContext.Builder builder = JwtEncodingContext
				.with(TestJoseHeaders.joseHeader(), TestJwtClaimsSets.jwtClaimsSet());
		assertThatThrownBy(() -> builder.registeredClient(null))
				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.principal(null))
				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.authorization(null))
				.isInstanceOf(IllegalArgumentException.class);

            

Reported by PMD.

              				.with(TestJoseHeaders.joseHeader(), TestJwtClaimsSets.jwtClaimsSet());
		assertThatThrownBy(() -> builder.registeredClient(null))
				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.principal(null))
				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.authorization(null))
				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.tokenType(null))
				.isInstanceOf(IllegalArgumentException.class);

            

Reported by PMD.

              				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.principal(null))
				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.authorization(null))
				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.tokenType(null))
				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.authorizationGrantType(null))
				.isInstanceOf(IllegalArgumentException.class);

            

Reported by PMD.

              				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.authorization(null))
				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.tokenType(null))
				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.authorizationGrantType(null))
				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.authorizationGrant(null))
				.isInstanceOf(IllegalArgumentException.class);

            

Reported by PMD.

              				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.tokenType(null))
				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.authorizationGrantType(null))
				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.authorizationGrant(null))
				.isInstanceOf(IllegalArgumentException.class);
		assertThatThrownBy(() -> builder.put(null, ""))
				.isInstanceOf(IllegalArgumentException.class);

            

Reported by PMD.

              
	private void insertRegisteredClient(RegisteredClient registeredClient) {
		List<SqlParameterValue> parameters = this.registeredClientParametersMapper.apply(registeredClient);
		PreparedStatementSetter pss = new ArgumentPreparedStatementSetter(parameters.toArray());
		this.jdbcOperations.update(INSERT_REGISTERED_CLIENT_SQL, pss);
	}

	@Override
	public RegisteredClient findById(String id) {

            

Reported by PMD.

              	private RegisteredClient findBy(String filter, Object... args) {
		List<RegisteredClient> result = this.jdbcOperations.query(
				LOAD_REGISTERED_CLIENT_SQL + filter, this.registeredClientRowMapper, args);
		return !result.isEmpty() ? result.get(0) : null;
	}

	/**
	 * Sets the {@link RowMapper} used for mapping the current row in {@code java.sql.ResultSet} to {@link RegisteredClient}.
	 * The default is {@link RegisteredClientRowMapper}.

            

Reported by PMD.

              	private RegisteredClient findBy(String filter, Object... args) {
		List<RegisteredClient> result = this.jdbcOperations.query(
				LOAD_REGISTERED_CLIENT_SQL + filter, this.registeredClientRowMapper, args);
		return !result.isEmpty() ? result.get(0) : null;
	}

	/**
	 * Sets the {@link RowMapper} used for mapping the current row in {@code java.sql.ResultSet} to {@link RegisteredClient}.
	 * The default is {@link RegisteredClientRowMapper}.

            

Reported by PMD.

              		private ObjectMapper objectMapper = new ObjectMapper();

		public RegisteredClientRowMapper() {
			ClassLoader classLoader = JdbcRegisteredClientRepository.class.getClassLoader();
			List<Module> securityModules = SecurityJackson2Modules.getModules(classLoader);
			this.objectMapper.registerModules(securityModules);
			this.objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module());
		}


            

Reported by PMD.

              			Set<String> clientScopes = StringUtils.commaDelimitedListToSet(rs.getString("scopes"));

			// @formatter:off
			RegisteredClient.Builder builder = RegisteredClient.withId(rs.getString("id"))
					.clientId(rs.getString("client_id"))
					.clientIdIssuedAt(clientIdIssuedAt != null ? clientIdIssuedAt.toInstant() : null)
					.clientSecret(rs.getString("client_secret"))
					.clientSecretExpiresAt(clientSecretExpiresAt != null ? clientSecretExpiresAt.toInstant() : null)
					.clientName(rs.getString("client_name"))

            

Reported by PMD.

              			Set<String> clientScopes = StringUtils.commaDelimitedListToSet(rs.getString("scopes"));

			// @formatter:off
			RegisteredClient.Builder builder = RegisteredClient.withId(rs.getString("id"))
					.clientId(rs.getString("client_id"))
					.clientIdIssuedAt(clientIdIssuedAt != null ? clientIdIssuedAt.toInstant() : null)
					.clientSecret(rs.getString("client_secret"))
					.clientSecretExpiresAt(clientSecretExpiresAt != null ? clientSecretExpiresAt.toInstant() : null)
					.clientName(rs.getString("client_name"))

            

Reported by PMD.

              			Set<String> clientScopes = StringUtils.commaDelimitedListToSet(rs.getString("scopes"));

			// @formatter:off
			RegisteredClient.Builder builder = RegisteredClient.withId(rs.getString("id"))
					.clientId(rs.getString("client_id"))
					.clientIdIssuedAt(clientIdIssuedAt != null ? clientIdIssuedAt.toInstant() : null)
					.clientSecret(rs.getString("client_secret"))
					.clientSecretExpiresAt(clientSecretExpiresAt != null ? clientSecretExpiresAt.toInstant() : null)
					.clientName(rs.getString("client_name"))

            

Reported by PMD.

              			Set<String> clientScopes = StringUtils.commaDelimitedListToSet(rs.getString("scopes"));

			// @formatter:off
			RegisteredClient.Builder builder = RegisteredClient.withId(rs.getString("id"))
					.clientId(rs.getString("client_id"))
					.clientIdIssuedAt(clientIdIssuedAt != null ? clientIdIssuedAt.toInstant() : null)
					.clientSecret(rs.getString("client_secret"))
					.clientSecretExpiresAt(clientSecretExpiresAt != null ? clientSecretExpiresAt.toInstant() : null)
					.clientName(rs.getString("client_name"))

            

Reported by PMD.

              			Set<String> clientScopes = StringUtils.commaDelimitedListToSet(rs.getString("scopes"));

			// @formatter:off
			RegisteredClient.Builder builder = RegisteredClient.withId(rs.getString("id"))
					.clientId(rs.getString("client_id"))
					.clientIdIssuedAt(clientIdIssuedAt != null ? clientIdIssuedAt.toInstant() : null)
					.clientSecret(rs.getString("client_secret"))
					.clientSecretExpiresAt(clientSecretExpiresAt != null ? clientSecretExpiresAt.toInstant() : null)
					.clientName(rs.getString("client_name"))

            

Reported by PMD.

              			Set<String> clientScopes = StringUtils.commaDelimitedListToSet(rs.getString("scopes"));

			// @formatter:off
			RegisteredClient.Builder builder = RegisteredClient.withId(rs.getString("id"))
					.clientId(rs.getString("client_id"))
					.clientIdIssuedAt(clientIdIssuedAt != null ? clientIdIssuedAt.toInstant() : null)
					.clientSecret(rs.getString("client_secret"))
					.clientSecretExpiresAt(clientSecretExpiresAt != null ? clientSecretExpiresAt.toInstant() : null)
					.clientName(rs.getString("client_name"))

            

Reported by PMD.