The following issues were found
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2AuthorizationCodeRequestAuthenticationConverter.java
42 issues
Line: 56
* @see OAuth2AuthorizationCodeRequestAuthenticationToken
* @see OAuth2AuthorizationEndpointFilter
*/
public final class OAuth2AuthorizationCodeRequestAuthenticationConverter implements AuthenticationConverter {
private static final String DEFAULT_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1";
private static final String PKCE_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc7636#section-4.4.1";
private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken(
"anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
private static final RequestMatcher OIDC_REQUEST_MATCHER = createOidcRequestMatcher();
Reported by PMD.
Line: 56
* @see OAuth2AuthorizationCodeRequestAuthenticationToken
* @see OAuth2AuthorizationEndpointFilter
*/
public final class OAuth2AuthorizationCodeRequestAuthenticationConverter implements AuthenticationConverter {
private static final String DEFAULT_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1";
private static final String PKCE_ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc7636#section-4.4.1";
private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken(
"anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
private static final RequestMatcher OIDC_REQUEST_MATCHER = createOidcRequestMatcher();
Reported by PMD.
Line: 64
private static final RequestMatcher OIDC_REQUEST_MATCHER = createOidcRequestMatcher();
@Override
public Authentication convert(HttpServletRequest request) {
MultiValueMap<String, String> parameters = OAuth2EndpointUtils.getParameters(request);
boolean authorizationRequest = false;
if ("GET".equals(request.getMethod()) || OIDC_REQUEST_MATCHER.matches(request)) {
authorizationRequest = true;
Reported by PMD.
Line: 64
private static final RequestMatcher OIDC_REQUEST_MATCHER = createOidcRequestMatcher();
@Override
public Authentication convert(HttpServletRequest request) {
MultiValueMap<String, String> parameters = OAuth2EndpointUtils.getParameters(request);
boolean authorizationRequest = false;
if ("GET".equals(request.getMethod()) || OIDC_REQUEST_MATCHER.matches(request)) {
authorizationRequest = true;
Reported by PMD.
Line: 64
private static final RequestMatcher OIDC_REQUEST_MATCHER = createOidcRequestMatcher();
@Override
public Authentication convert(HttpServletRequest request) {
MultiValueMap<String, String> parameters = OAuth2EndpointUtils.getParameters(request);
boolean authorizationRequest = false;
if ("GET".equals(request.getMethod()) || OIDC_REQUEST_MATCHER.matches(request)) {
authorizationRequest = true;
Reported by PMD.
Line: 64
private static final RequestMatcher OIDC_REQUEST_MATCHER = createOidcRequestMatcher();
@Override
public Authentication convert(HttpServletRequest request) {
MultiValueMap<String, String> parameters = OAuth2EndpointUtils.getParameters(request);
boolean authorizationRequest = false;
if ("GET".equals(request.getMethod()) || OIDC_REQUEST_MATCHER.matches(request)) {
authorizationRequest = true;
Reported by PMD.
Line: 68
MultiValueMap<String, String> parameters = OAuth2EndpointUtils.getParameters(request);
boolean authorizationRequest = false;
if ("GET".equals(request.getMethod()) || OIDC_REQUEST_MATCHER.matches(request)) {
authorizationRequest = true;
// response_type (REQUIRED)
String responseType = request.getParameter(OAuth2ParameterNames.RESPONSE_TYPE);
if (!StringUtils.hasText(responseType) ||
Reported by PMD.
Line: 74
// response_type (REQUIRED)
String responseType = request.getParameter(OAuth2ParameterNames.RESPONSE_TYPE);
if (!StringUtils.hasText(responseType) ||
parameters.get(OAuth2ParameterNames.RESPONSE_TYPE).size() != 1) {
throwError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.RESPONSE_TYPE);
} else if (!responseType.equals(OAuth2AuthorizationResponseType.CODE.getValue())) {
throwError(OAuth2ErrorCodes.UNSUPPORTED_RESPONSE_TYPE, OAuth2ParameterNames.RESPONSE_TYPE);
}
}
Reported by PMD.
Line: 76
if (!StringUtils.hasText(responseType) ||
parameters.get(OAuth2ParameterNames.RESPONSE_TYPE).size() != 1) {
throwError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.RESPONSE_TYPE);
} else if (!responseType.equals(OAuth2AuthorizationResponseType.CODE.getValue())) {
throwError(OAuth2ErrorCodes.UNSUPPORTED_RESPONSE_TYPE, OAuth2ParameterNames.RESPONSE_TYPE);
}
}
String authorizationUri = request.getRequestURL().toString();
Reported by PMD.
Line: 76
if (!StringUtils.hasText(responseType) ||
parameters.get(OAuth2ParameterNames.RESPONSE_TYPE).size() != 1) {
throwError(OAuth2ErrorCodes.INVALID_REQUEST, OAuth2ParameterNames.RESPONSE_TYPE);
} else if (!responseType.equals(OAuth2AuthorizationResponseType.CODE.getValue())) {
throwError(OAuth2ErrorCodes.UNSUPPORTED_RESPONSE_TYPE, OAuth2ParameterNames.RESPONSE_TYPE);
}
}
String authorizationUri = request.getRequestURL().toString();
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2RefreshTokenGrantTests.java
41 issues
Line: 191
return parameters;
}
private static String encodeBasicAuth(String clientId, String secret) throws Exception {
clientId = URLEncoder.encode(clientId, StandardCharsets.UTF_8.name());
secret = URLEncoder.encode(secret, StandardCharsets.UTF_8.name());
String credentialsString = clientId + ":" + secret;
byte[] encodedBytes = Base64.getEncoder().encode(credentialsString.getBytes(StandardCharsets.UTF_8));
return new String(encodedBytes, StandardCharsets.UTF_8);
Reported by PMD.
Line: 191
return parameters;
}
private static String encodeBasicAuth(String clientId, String secret) throws Exception {
clientId = URLEncoder.encode(clientId, StandardCharsets.UTF_8.name());
secret = URLEncoder.encode(secret, StandardCharsets.UTF_8.name());
String credentialsString = clientId + ":" + secret;
byte[] encodedBytes = Base64.getEncoder().encode(credentialsString.getBytes(StandardCharsets.UTF_8));
return new String(encodedBytes, StandardCharsets.UTF_8);
Reported by PMD.
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Base64;
Reported by PMD.
Line: 104
new OAuth2AccessTokenResponseHttpMessageConverter();
@Rule
public final SpringTestRule spring = new SpringTestRule();
@Autowired
private MockMvc mvc;
@Autowired
Reported by PMD.
Line: 107
public final SpringTestRule spring = new SpringTestRule();
@Autowired
private MockMvc mvc;
@Autowired
private JdbcOperations jdbcOperations;
@Autowired
Reported by PMD.
Line: 110
private MockMvc mvc;
@Autowired
private JdbcOperations jdbcOperations;
@Autowired
private RegisteredClientRepository registeredClientRepository;
@Autowired
Reported by PMD.
Line: 113
private JdbcOperations jdbcOperations;
@Autowired
private RegisteredClientRepository registeredClientRepository;
@Autowired
private OAuth2AuthorizationService authorizationService;
@BeforeClass
Reported by PMD.
Line: 116
private RegisteredClientRepository registeredClientRepository;
@Autowired
private OAuth2AuthorizationService authorizationService;
@BeforeClass
public static void init() {
JWKSet jwkSet = new JWKSet(TestJwks.DEFAULT_RSA_JWK);
jwkSource = (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
Reported by PMD.
Line: 122
public static void init() {
JWKSet jwkSet = new JWKSet(TestJwks.DEFAULT_RSA_JWK);
jwkSource = (jwkSelector, securityContext) -> jwkSelector.select(jwkSet);
jwtDecoder = NimbusJwtDecoder.withPublicKey(TestKeys.DEFAULT_PUBLIC_KEY).build();
db = new EmbeddedDatabaseBuilder()
.generateUniqueName(true)
.setType(EmbeddedDatabaseType.HSQL)
.setScriptEncoding("UTF-8")
.addScript("org/springframework/security/oauth2/server/authorization/oauth2-authorization-schema.sql")
Reported by PMD.
Line: 144
}
@Test
public void requestWhenRefreshTokenRequestValidThenReturnAccessTokenResponse() throws Exception {
this.spring.register(AuthorizationServerConfiguration.class).autowire();
RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
this.registeredClientRepository.save(registeredClient);
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/NimbusJwkSetEndpointFilterTests.java
41 issues
Line: 55
*/
public class NimbusJwkSetEndpointFilterTests {
private static final String DEFAULT_JWK_SET_ENDPOINT_URI = "/oauth2/jwks";
private List<JWK> jwkList;
private JWKSource<SecurityContext> jwkSource;
private NimbusJwkSetEndpointFilter filter;
@Before
public void setUp() {
Reported by PMD.
Line: 56
public class NimbusJwkSetEndpointFilterTests {
private static final String DEFAULT_JWK_SET_ENDPOINT_URI = "/oauth2/jwks";
private List<JWK> jwkList;
private JWKSource<SecurityContext> jwkSource;
private NimbusJwkSetEndpointFilter filter;
@Before
public void setUp() {
this.jwkList = new ArrayList<>();
Reported by PMD.
Line: 57
private static final String DEFAULT_JWK_SET_ENDPOINT_URI = "/oauth2/jwks";
private List<JWK> jwkList;
private JWKSource<SecurityContext> jwkSource;
private NimbusJwkSetEndpointFilter filter;
@Before
public void setUp() {
this.jwkList = new ArrayList<>();
this.jwkSource = (jwkSelector, securityContext) -> jwkSelector.select(new JWKSet(this.jwkList));
Reported by PMD.
Line: 68
@Test
public void constructorWhenJwkSourceNullThenThrowIllegalArgumentException() {
	// The single-argument constructor must reject a missing JWKSource at
	// construction time with an IllegalArgumentException and a fixed message.
	JWKSource<SecurityContext> missingJwkSource = null;
	String expectedMessage = "jwkSource cannot be null";

	assertThatThrownBy(() -> new NimbusJwkSetEndpointFilter(missingJwkSource))
			.isInstanceOf(IllegalArgumentException.class)
			.hasMessage(expectedMessage);
}
@Test
Reported by PMD.
Line: 68
@Test
public void constructorWhenJwkSourceNullThenThrowIllegalArgumentException() {
	// The single-argument constructor must reject a missing JWKSource at
	// construction time with an IllegalArgumentException and a fixed message.
	JWKSource<SecurityContext> missingJwkSource = null;
	String expectedMessage = "jwkSource cannot be null";

	assertThatThrownBy(() -> new NimbusJwkSetEndpointFilter(missingJwkSource))
			.isInstanceOf(IllegalArgumentException.class)
			.hasMessage(expectedMessage);
}
@Test
Reported by PMD.
Line: 75
@Test
public void constructorWhenJwkSetEndpointUriNullThenThrowIllegalArgumentException() {
	// A null endpoint URI is rejected with the same "cannot be empty" message
	// as a blank one; the JWKSource from setUp() is valid so only the URI is at fault.
	String missingEndpointUri = null;
	String expectedMessage = "jwkSetEndpointUri cannot be empty";

	assertThatThrownBy(() -> new NimbusJwkSetEndpointFilter(this.jwkSource, missingEndpointUri))
			.isInstanceOf(IllegalArgumentException.class)
			.hasMessage(expectedMessage);
}
@Test
Reported by PMD.
Line: 75
@Test
public void constructorWhenJwkSetEndpointUriNullThenThrowIllegalArgumentException() {
	// A null endpoint URI is rejected with the same "cannot be empty" message
	// as a blank one; the JWKSource from setUp() is valid so only the URI is at fault.
	String missingEndpointUri = null;
	String expectedMessage = "jwkSetEndpointUri cannot be empty";

	assertThatThrownBy(() -> new NimbusJwkSetEndpointFilter(this.jwkSource, missingEndpointUri))
			.isInstanceOf(IllegalArgumentException.class)
			.hasMessage(expectedMessage);
}
@Test
Reported by PMD.
Line: 81
}
@Test
public void doFilterWhenNotJwkSetRequestThenNotProcessed() throws Exception {
String requestUri = "/path";
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
request.setServletPath(requestUri);
MockHttpServletResponse response = new MockHttpServletResponse();
FilterChain filterChain = mock(FilterChain.class);
Reported by PMD.
Line: 90
this.filter.doFilter(request, response, filterChain);
verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
}
@Test
public void doFilterWhenJwkSetRequestPostThenNotProcessed() throws Exception {
String requestUri = DEFAULT_JWK_SET_ENDPOINT_URI;
Reported by PMD.
Line: 94
}
@Test
public void doFilterWhenJwkSetRequestPostThenNotProcessed() throws Exception {
String requestUri = DEFAULT_JWK_SET_ENDPOINT_URI;
MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri);
request.setServletPath(requestUri);
MockHttpServletResponse response = new MockHttpServletResponse();
FilterChain filterChain = mock(FilterChain.class);
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenIntrospectionAuthenticationTokenTests.java
40 issues
Line: 39
* @author Joe Grandja
*/
public class OAuth2TokenIntrospectionAuthenticationTokenTests {
private String token = "token";
private RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
private OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
this.registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, this.registeredClient.getClientSecret());
private OAuth2TokenIntrospection tokenClaims = OAuth2TokenIntrospection.builder(true).build();
Reported by PMD.
Line: 39
* @author Joe Grandja
*/
public class OAuth2TokenIntrospectionAuthenticationTokenTests {
private String token = "token";
private RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
private OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
this.registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, this.registeredClient.getClientSecret());
private OAuth2TokenIntrospection tokenClaims = OAuth2TokenIntrospection.builder(true).build();
Reported by PMD.
Line: 40
*/
public class OAuth2TokenIntrospectionAuthenticationTokenTests {
private String token = "token";
private RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
private OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
this.registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, this.registeredClient.getClientSecret());
private OAuth2TokenIntrospection tokenClaims = OAuth2TokenIntrospection.builder(true).build();
@Test
Reported by PMD.
Line: 40
*/
public class OAuth2TokenIntrospectionAuthenticationTokenTests {
private String token = "token";
private RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
private OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
this.registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, this.registeredClient.getClientSecret());
private OAuth2TokenIntrospection tokenClaims = OAuth2TokenIntrospection.builder(true).build();
@Test
Reported by PMD.
Line: 41
public class OAuth2TokenIntrospectionAuthenticationTokenTests {
private String token = "token";
private RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
private OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
this.registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, this.registeredClient.getClientSecret());
private OAuth2TokenIntrospection tokenClaims = OAuth2TokenIntrospection.builder(true).build();
@Test
public void constructorWhenTokenNullThenThrowIllegalArgumentException() {
Reported by PMD.
Line: 41
public class OAuth2TokenIntrospectionAuthenticationTokenTests {
private String token = "token";
private RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
private OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
this.registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, this.registeredClient.getClientSecret());
private OAuth2TokenIntrospection tokenClaims = OAuth2TokenIntrospection.builder(true).build();
@Test
public void constructorWhenTokenNullThenThrowIllegalArgumentException() {
Reported by PMD.
Line: 43
private RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
private OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
this.registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, this.registeredClient.getClientSecret());
private OAuth2TokenIntrospection tokenClaims = OAuth2TokenIntrospection.builder(true).build();
@Test
public void constructorWhenTokenNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> new OAuth2TokenIntrospectionAuthenticationToken(null, this.clientPrincipal, null, null))
.isInstanceOf(IllegalArgumentException.class)
Reported by PMD.
Line: 43
private RegisteredClient registeredClient = TestRegisteredClients.registeredClient().build();
private OAuth2ClientAuthenticationToken clientPrincipal = new OAuth2ClientAuthenticationToken(
this.registeredClient, ClientAuthenticationMethod.CLIENT_SECRET_BASIC, this.registeredClient.getClientSecret());
private OAuth2TokenIntrospection tokenClaims = OAuth2TokenIntrospection.builder(true).build();
@Test
public void constructorWhenTokenNullThenThrowIllegalArgumentException() {
assertThatThrownBy(() -> new OAuth2TokenIntrospectionAuthenticationToken(null, this.clientPrincipal, null, null))
.isInstanceOf(IllegalArgumentException.class)
Reported by PMD.
Line: 47
@Test
public void constructorWhenTokenNullThenThrowIllegalArgumentException() {
	// Only the token argument is missing; the client principal is the valid one
	// built from the registered client, so the failure must be attributed to the token.
	String missingToken = null;
	String expectedMessage = "token cannot be empty";

	assertThatThrownBy(() ->
			new OAuth2TokenIntrospectionAuthenticationToken(missingToken, this.clientPrincipal, null, null))
			.isInstanceOf(IllegalArgumentException.class)
			.hasMessage(expectedMessage);
}
@Test
Reported by PMD.
Line: 47
@Test
public void constructorWhenTokenNullThenThrowIllegalArgumentException() {
	// Only the token argument is missing; the client principal is the valid one
	// built from the registered client, so the failure must be attributed to the token.
	String missingToken = null;
	String expectedMessage = "token cannot be empty";

	assertThatThrownBy(() ->
			new OAuth2TokenIntrospectionAuthenticationToken(missingToken, this.clientPrincipal, null, null))
			.isInstanceOf(IllegalArgumentException.class)
			.hasMessage(expectedMessage);
}
@Test
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilterTests.java
39 issues
Line: 47
@Test
public void constructorWhenProviderSettingsNullThenThrowIllegalArgumentException() {
	// The metadata filter cannot publish anything without ProviderSettings,
	// so a null value must be rejected in the constructor with a fixed message.
	ProviderSettings missingSettings = null;
	String expectedMessage = "providerSettings cannot be null";

	assertThatIllegalArgumentException()
			.isThrownBy(() -> new OAuth2AuthorizationServerMetadataEndpointFilter(missingSettings))
			.withMessage(expectedMessage);
}
@Test
Reported by PMD.
Line: 47
@Test
public void constructorWhenProviderSettingsNullThenThrowIllegalArgumentException() {
	// The metadata filter cannot publish anything without ProviderSettings,
	// so a null value must be rejected in the constructor with a fixed message.
	ProviderSettings missingSettings = null;
	String expectedMessage = "providerSettings cannot be null";

	assertThatIllegalArgumentException()
			.isThrownBy(() -> new OAuth2AuthorizationServerMetadataEndpointFilter(missingSettings))
			.withMessage(expectedMessage);
}
@Test
Reported by PMD.
Line: 53
}
@Test
public void doFilterWhenNotAuthorizationServerMetadataRequestThenNotProcessed() throws Exception {
OAuth2AuthorizationServerMetadataEndpointFilter filter =
new OAuth2AuthorizationServerMetadataEndpointFilter(ProviderSettings.builder().issuer("https://example.com").build());
String requestUri = "/path";
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
Reported by PMD.
Line: 55
@Test
public void doFilterWhenNotAuthorizationServerMetadataRequestThenNotProcessed() throws Exception {
OAuth2AuthorizationServerMetadataEndpointFilter filter =
new OAuth2AuthorizationServerMetadataEndpointFilter(ProviderSettings.builder().issuer("https://example.com").build());
String requestUri = "/path";
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
request.setServletPath(requestUri);
MockHttpServletResponse response = new MockHttpServletResponse();
Reported by PMD.
Line: 55
@Test
public void doFilterWhenNotAuthorizationServerMetadataRequestThenNotProcessed() throws Exception {
OAuth2AuthorizationServerMetadataEndpointFilter filter =
new OAuth2AuthorizationServerMetadataEndpointFilter(ProviderSettings.builder().issuer("https://example.com").build());
String requestUri = "/path";
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
request.setServletPath(requestUri);
MockHttpServletResponse response = new MockHttpServletResponse();
Reported by PMD.
Line: 65
filter.doFilter(request, response, filterChain);
verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
}
@Test
public void doFilterWhenAuthorizationServerMetadataRequestPostThenNotProcessed() throws Exception {
OAuth2AuthorizationServerMetadataEndpointFilter filter =
Reported by PMD.
Line: 69
}
@Test
public void doFilterWhenAuthorizationServerMetadataRequestPostThenNotProcessed() throws Exception {
OAuth2AuthorizationServerMetadataEndpointFilter filter =
new OAuth2AuthorizationServerMetadataEndpointFilter(ProviderSettings.builder().issuer("https://example.com").build());
String requestUri = DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI;
MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri);
Reported by PMD.
Line: 71
@Test
public void doFilterWhenAuthorizationServerMetadataRequestPostThenNotProcessed() throws Exception {
OAuth2AuthorizationServerMetadataEndpointFilter filter =
new OAuth2AuthorizationServerMetadataEndpointFilter(ProviderSettings.builder().issuer("https://example.com").build());
String requestUri = DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI;
MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri);
request.setServletPath(requestUri);
MockHttpServletResponse response = new MockHttpServletResponse();
Reported by PMD.
Line: 71
@Test
public void doFilterWhenAuthorizationServerMetadataRequestPostThenNotProcessed() throws Exception {
OAuth2AuthorizationServerMetadataEndpointFilter filter =
new OAuth2AuthorizationServerMetadataEndpointFilter(ProviderSettings.builder().issuer("https://example.com").build());
String requestUri = DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI;
MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri);
request.setServletPath(requestUri);
MockHttpServletResponse response = new MockHttpServletResponse();
Reported by PMD.
Line: 81
filter.doFilter(request, response, filterChain);
verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
}
@Test
public void doFilterWhenAuthorizationServerMetadataRequestThenMetadataResponse() throws Exception {
String authorizationEndpoint = "/oauth2/v1/authorize";
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/web/OAuth2TokenRevocationEndpointFilterTests.java
37 issues
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.web;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.HashSet;
Reported by PMD.
Line: 67
* @author Vivek Babu
* @author Joe Grandja
*/
public class OAuth2TokenRevocationEndpointFilterTests {
private static final String DEFAULT_TOKEN_REVOCATION_ENDPOINT_URI = "/oauth2/revoke";
private AuthenticationManager authenticationManager;
private OAuth2TokenRevocationEndpointFilter filter;
private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
new OAuth2ErrorHttpMessageConverter();
Reported by PMD.
Line: 69
*/
public class OAuth2TokenRevocationEndpointFilterTests {
private static final String DEFAULT_TOKEN_REVOCATION_ENDPOINT_URI = "/oauth2/revoke";
private AuthenticationManager authenticationManager;
private OAuth2TokenRevocationEndpointFilter filter;
private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
new OAuth2ErrorHttpMessageConverter();
@Before
Reported by PMD.
Line: 70
public class OAuth2TokenRevocationEndpointFilterTests {
private static final String DEFAULT_TOKEN_REVOCATION_ENDPOINT_URI = "/oauth2/revoke";
private AuthenticationManager authenticationManager;
private OAuth2TokenRevocationEndpointFilter filter;
private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
new OAuth2ErrorHttpMessageConverter();
@Before
public void setUp() {
Reported by PMD.
Line: 71
private static final String DEFAULT_TOKEN_REVOCATION_ENDPOINT_URI = "/oauth2/revoke";
private AuthenticationManager authenticationManager;
private OAuth2TokenRevocationEndpointFilter filter;
private final HttpMessageConverter<OAuth2Error> errorHttpResponseConverter =
new OAuth2ErrorHttpMessageConverter();
@Before
public void setUp() {
this.authenticationManager = mock(AuthenticationManager.class);
Reported by PMD.
Line: 87
@Test
public void constructorWhenAuthenticationManagerNullThenThrowIllegalArgumentException() {
	// The revocation endpoint delegates to an AuthenticationManager; a null one
	// must be rejected at construction time with a fixed message.
	AuthenticationManager missingAuthenticationManager = null;
	String expectedMessage = "authenticationManager cannot be null";

	assertThatThrownBy(() -> new OAuth2TokenRevocationEndpointFilter(missingAuthenticationManager))
			.isInstanceOf(IllegalArgumentException.class)
			.hasMessage(expectedMessage);
}
@Test
Reported by PMD.
Line: 87
@Test
public void constructorWhenAuthenticationManagerNullThenThrowIllegalArgumentException() {
	// The revocation endpoint delegates to an AuthenticationManager; a null one
	// must be rejected at construction time with a fixed message.
	AuthenticationManager missingAuthenticationManager = null;
	String expectedMessage = "authenticationManager cannot be null";

	assertThatThrownBy(() -> new OAuth2TokenRevocationEndpointFilter(missingAuthenticationManager))
			.isInstanceOf(IllegalArgumentException.class)
			.hasMessage(expectedMessage);
}
@Test
Reported by PMD.
Line: 94
@Test
public void constructorWhenTokenRevocationEndpointUriNullThenThrowIllegalArgumentException() {
	// A null endpoint URI is reported with the same "cannot be empty" message as a
	// blank one; the AuthenticationManager mock from setUp() is valid, so only the URI fails.
	String missingEndpointUri = null;
	String expectedMessage = "tokenRevocationEndpointUri cannot be empty";

	assertThatThrownBy(() ->
			new OAuth2TokenRevocationEndpointFilter(this.authenticationManager, missingEndpointUri))
			.isInstanceOf(IllegalArgumentException.class)
			.hasMessage(expectedMessage);
}
@Test
Reported by PMD.
Line: 94
@Test
public void constructorWhenTokenRevocationEndpointUriNullThenThrowIllegalArgumentException() {
	// A null endpoint URI is reported with the same "cannot be empty" message as a
	// blank one; the AuthenticationManager mock from setUp() is valid, so only the URI fails.
	String missingEndpointUri = null;
	String expectedMessage = "tokenRevocationEndpointUri cannot be empty";

	assertThatThrownBy(() ->
			new OAuth2TokenRevocationEndpointFilter(this.authenticationManager, missingEndpointUri))
			.isInstanceOf(IllegalArgumentException.class)
			.hasMessage(expectedMessage);
}
@Test
Reported by PMD.
Line: 100
}
@Test
public void doFilterWhenNotTokenRevocationRequestThenNotProcessed() throws Exception {
String requestUri = "/path";
MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri);
request.setServletPath(requestUri);
MockHttpServletResponse response = new MockHttpServletResponse();
FilterChain filterChain = mock(FilterChain.class);
Reported by PMD.
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/web/OAuth2AccessTokenResponseHttpMessageConverter.java
34 issues
Line: 17
* limitations under the License.
*/
package org.springframework.security.oauth2.server.authorization.web;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
Reported by PMD.
Line: 66
* @see AbstractHttpMessageConverter
* @see OAuth2AccessTokenResponse
*/
class OAuth2AccessTokenResponseHttpMessageConverter
extends AbstractHttpMessageConverter<OAuth2AccessTokenResponse> {
private static final Charset DEFAULT_CHARSET = StandardCharsets.UTF_8;
private static final ParameterizedTypeReference<Map<String, Object>> STRING_OBJECT_MAP = new ParameterizedTypeReference<Map<String, Object>>() {
Reported by PMD.
Line: 74
private static final ParameterizedTypeReference<Map<String, Object>> STRING_OBJECT_MAP = new ParameterizedTypeReference<Map<String, Object>>() {
};
private GenericHttpMessageConverter<Object> jsonMessageConverter = HttpMessageConverters.getJsonMessageConverter();
/**
* @deprecated This field should no longer be used
*/
@Deprecated
Reported by PMD.
Line: 74
private static final ParameterizedTypeReference<Map<String, Object>> STRING_OBJECT_MAP = new ParameterizedTypeReference<Map<String, Object>>() {
};
private GenericHttpMessageConverter<Object> jsonMessageConverter = HttpMessageConverters.getJsonMessageConverter();
/**
* @deprecated This field should no longer be used
*/
@Deprecated
Reported by PMD.
Line: 80
* @deprecated This field should no longer be used
*/
@Deprecated
protected Converter<Map<String, String>, OAuth2AccessTokenResponse> tokenResponseConverter = new MapOAuth2AccessTokenResponseConverter();
private Converter<Map<String, ?>, OAuth2AccessTokenResponse> accessTokenResponseConverter = new DefaultMapOAuth2AccessTokenResponseConverter();
/**
* @deprecated This field should no longer be used
Reported by PMD.
Line: 82
@Deprecated
protected Converter<Map<String, String>, OAuth2AccessTokenResponse> tokenResponseConverter = new MapOAuth2AccessTokenResponseConverter();
private Converter<Map<String, ?>, OAuth2AccessTokenResponse> accessTokenResponseConverter = new DefaultMapOAuth2AccessTokenResponseConverter();
/**
* @deprecated This field should no longer be used
*/
@Deprecated
Reported by PMD.
Line: 88
* @deprecated This field should no longer be used
*/
@Deprecated
protected Converter<OAuth2AccessTokenResponse, Map<String, String>> tokenResponseParametersConverter = new OAuth2AccessTokenResponseMapConverter();
private Converter<OAuth2AccessTokenResponse, Map<String, Object>> accessTokenResponseParametersConverter = new DefaultOAuth2AccessTokenResponseMapConverter();
OAuth2AccessTokenResponseHttpMessageConverter() {
super(DEFAULT_CHARSET, MediaType.APPLICATION_JSON, new MediaType("application", "*+json"));
Reported by PMD.
Line: 90
@Deprecated
protected Converter<OAuth2AccessTokenResponse, Map<String, String>> tokenResponseParametersConverter = new OAuth2AccessTokenResponseMapConverter();
private Converter<OAuth2AccessTokenResponse, Map<String, Object>> accessTokenResponseParametersConverter = new DefaultOAuth2AccessTokenResponseMapConverter();
/**
 * Creates a converter for {@code OAuth2AccessTokenResponse} bodies that declares
 * {@code application/json} and every {@code application/*+json} subtype as its
 * supported media types, with {@code DEFAULT_CHARSET} (UTF-8) as the default charset
 * passed to {@code AbstractHttpMessageConverter}.
 */
OAuth2AccessTokenResponseHttpMessageConverter() {
super(DEFAULT_CHARSET, MediaType.APPLICATION_JSON, new MediaType("application", "*+json"));
}
Reported by PMD.
Line: 113
// gh-6463: Parse parameter values as Object in order to handle potential
// JSON Object and then convert values to String
Map<String, String> stringTokenResponseParameters = new HashMap<>();
tokenResponseParameters
.forEach((key, value) -> stringTokenResponseParameters.put(key, String.valueOf(value)));
return this.tokenResponseConverter.convert(stringTokenResponseParameters);
}
return this.accessTokenResponseConverter.convert(tokenResponseParameters);
}
Reported by PMD.
Line: 119
}
return this.accessTokenResponseConverter.convert(tokenResponseParameters);
}
catch (Exception ex) {
throw new HttpMessageNotReadableException(
"An error occurred reading the OAuth 2.0 Access Token Response: " + ex.getMessage(), ex,
inputMessage);
}
}
Reported by PMD.
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/jwt/NimbusJwsEncoder.java
33 issues
Line: 90
}
@Override
public Jwt encode(JoseHeader headers, JwtClaimsSet claims) throws JwtEncodingException {
Assert.notNull(headers, "headers cannot be null");
Assert.notNull(claims, "claims cannot be null");
JWK jwk = selectJwk(headers);
headers = addKeyIdentifierHeadersIfNecessary(headers, jwk);
Reported by PMD.
Line: 16
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.oauth2.jwt;
import java.net.URI;
import java.net.URL;
import java.time.Instant;
import java.util.ArrayList;
Reported by PMD.
Line: 77
private static final Converter<JoseHeader, JWSHeader> JWS_HEADER_CONVERTER = new JwsHeaderConverter();
private static final Converter<JwtClaimsSet, JWTClaimsSet> JWT_CLAIMS_SET_CONVERTER = new JwtClaimsSetConverter();
private static final JWSSignerFactory JWS_SIGNER_FACTORY = new DefaultJWSSignerFactory();
private final Map<JWK, JWSSigner> jwsSigners = new ConcurrentHashMap<>();
private final JWKSource<SecurityContext> jwkSource;
/**
* Constructs a {@code NimbusJwsEncoder} using the provided parameters.
* @param jwkSource the {@code com.nimbusds.jose.jwk.source.JWKSource}
Reported by PMD.
Line: 78
private static final Converter<JwtClaimsSet, JWTClaimsSet> JWT_CLAIMS_SET_CONVERTER = new JwtClaimsSetConverter();
private static final JWSSignerFactory JWS_SIGNER_FACTORY = new DefaultJWSSignerFactory();
private final Map<JWK, JWSSigner> jwsSigners = new ConcurrentHashMap<>();
private final JWKSource<SecurityContext> jwkSource;
/**
* Constructs a {@code NimbusJwsEncoder} using the provided parameters.
* @param jwkSource the {@code com.nimbusds.jose.jwk.source.JWKSource}
*/
Reported by PMD.
Line: 99
String jws = serialize(headers, claims, jwk);
return new Jwt(jws, claims.getIssuedAt(), claims.getExpiresAt(), headers.getHeaders(), claims.getClaims());
}
private JWK selectJwk(JoseHeader headers) {
List<JWK> jwks;
try {
Reported by PMD.
Line: 107
try {
JWKSelector jwkSelector = new JWKSelector(createJwkMatcher(headers));
jwks = this.jwkSource.get(jwkSelector, null);
} catch (Exception ex) {
throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE,
"Failed to select a JWK signing key -> " + ex.getMessage()), ex);
}
if (jwks.size() > 1) {
Reported by PMD.
Line: 112
"Failed to select a JWK signing key -> " + ex.getMessage()), ex);
}
if (jwks.size() > 1) {
throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE,
"Found multiple JWK signing keys for algorithm '" + headers.getAlgorithm().getName() + "'"));
}
if (jwks.isEmpty()) {
Reported by PMD.
Line: 112
"Failed to select a JWK signing key -> " + ex.getMessage()), ex);
}
if (jwks.size() > 1) {
throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE,
"Found multiple JWK signing keys for algorithm '" + headers.getAlgorithm().getName() + "'"));
}
if (jwks.isEmpty()) {
Reported by PMD.
Line: 114
if (jwks.size() > 1) {
throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE,
"Found multiple JWK signing keys for algorithm '" + headers.getAlgorithm().getName() + "'"));
}
if (jwks.isEmpty()) {
throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE,
"Failed to select a JWK signing key"));
Reported by PMD.
Line: 117
"Found multiple JWK signing keys for algorithm '" + headers.getAlgorithm().getName() + "'"));
}
if (jwks.isEmpty()) {
throw new JwtEncodingException(String.format(ENCODING_ERROR_MESSAGE_TEMPLATE,
"Failed to select a JWK signing key"));
}
return jwks.get(0);
Reported by PMD.
oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationProvider.java
33 issues
Line: 62
* @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-4.4.2">Section 4.4.2 Access Token Request</a>
*/
public final class OAuth2ClientCredentialsAuthenticationProvider implements AuthenticationProvider {
private final OAuth2AuthorizationService authorizationService;
private final JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer = (context) -> {};
private ProviderSettings providerSettings;
/**
Reported by PMD.
Line: 63
*/
public final class OAuth2ClientCredentialsAuthenticationProvider implements AuthenticationProvider {
private final OAuth2AuthorizationService authorizationService;
private final JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer = (context) -> {};
private ProviderSettings providerSettings;
/**
* Constructs an {@code OAuth2ClientCredentialsAuthenticationProvider} using the provided parameters.
Reported by PMD.
Line: 64
public final class OAuth2ClientCredentialsAuthenticationProvider implements AuthenticationProvider {
private final OAuth2AuthorizationService authorizationService;
private final JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer = (context) -> {};
private ProviderSettings providerSettings;
/**
* Constructs an {@code OAuth2ClientCredentialsAuthenticationProvider} using the provided parameters.
*
Reported by PMD.
Line: 65
private final OAuth2AuthorizationService authorizationService;
private final JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer = (context) -> {};
private ProviderSettings providerSettings;
/**
* Constructs an {@code OAuth2ClientCredentialsAuthenticationProvider} using the provided parameters.
*
* @param authorizationService the authorization service
Reported by PMD.
Line: 105
OAuth2ClientAuthenticationToken clientPrincipal =
getAuthenticatedClientElseThrowInvalidClient(clientCredentialsAuthentication);
RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
if (!registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.CLIENT_CREDENTIALS)) {
throw new OAuth2AuthenticationException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT);
}
Reported by PMD.
Line: 107
getAuthenticatedClientElseThrowInvalidClient(clientCredentialsAuthentication);
RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
if (!registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.CLIENT_CREDENTIALS)) {
throw new OAuth2AuthenticationException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT);
}
Set<String> authorizedScopes = registeredClient.getScopes(); // Default to configured scopes
if (!CollectionUtils.isEmpty(clientCredentialsAuthentication.getScopes())) {
Reported by PMD.
Line: 107
getAuthenticatedClientElseThrowInvalidClient(clientCredentialsAuthentication);
RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
if (!registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.CLIENT_CREDENTIALS)) {
throw new OAuth2AuthenticationException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT);
}
Set<String> authorizedScopes = registeredClient.getScopes(); // Default to configured scopes
if (!CollectionUtils.isEmpty(clientCredentialsAuthentication.getScopes())) {
Reported by PMD.
Line: 111
throw new OAuth2AuthenticationException(OAuth2ErrorCodes.UNAUTHORIZED_CLIENT);
}
Set<String> authorizedScopes = registeredClient.getScopes(); // Default to configured scopes
if (!CollectionUtils.isEmpty(clientCredentialsAuthentication.getScopes())) {
for (String requestedScope : clientCredentialsAuthentication.getScopes()) {
if (!registeredClient.getScopes().contains(requestedScope)) {
throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_SCOPE);
}
Reported by PMD.
Line: 112
}
Set<String> authorizedScopes = registeredClient.getScopes(); // Default to configured scopes
if (!CollectionUtils.isEmpty(clientCredentialsAuthentication.getScopes())) {
for (String requestedScope : clientCredentialsAuthentication.getScopes()) {
if (!registeredClient.getScopes().contains(requestedScope)) {
throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_SCOPE);
}
}
Reported by PMD.
Line: 114
Set<String> authorizedScopes = registeredClient.getScopes(); // Default to configured scopes
if (!CollectionUtils.isEmpty(clientCredentialsAuthentication.getScopes())) {
for (String requestedScope : clientCredentialsAuthentication.getScopes()) {
if (!registeredClient.getScopes().contains(requestedScope)) {
throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_SCOPE);
}
}
authorizedScopes = new LinkedHashSet<>(clientCredentialsAuthentication.getScopes());
}
Reported by PMD.
oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilterTests.java
33 issues
Line: 46
@Test
public void constructorWhenProviderSettingsNullThenThrowIllegalArgumentException() {
    // Fail-fast contract: a missing ProviderSettings must be rejected at construction
    // with an IllegalArgumentException carrying this exact message, rather than
    // surfacing later as a NullPointerException when the filter first handles a request.
    assertThatIllegalArgumentException()
        .isThrownBy(() -> new OidcProviderConfigurationEndpointFilter(null))
        .withMessage("providerSettings cannot be null");
}
@Test
Reported by PMD.
Line: 46
@Test
public void constructorWhenProviderSettingsNullThenThrowIllegalArgumentException() {
    // Fail-fast contract: a missing ProviderSettings must be rejected at construction
    // with an IllegalArgumentException carrying this exact message, rather than
    // surfacing later as a NullPointerException when the filter first handles a request.
    assertThatIllegalArgumentException()
        .isThrownBy(() -> new OidcProviderConfigurationEndpointFilter(null))
        .withMessage("providerSettings cannot be null");
}
@Test
Reported by PMD.
Line: 52
}
@Test
public void doFilterWhenNotConfigurationRequestThenNotProcessed() throws Exception {
OidcProviderConfigurationEndpointFilter filter =
new OidcProviderConfigurationEndpointFilter(ProviderSettings.builder().build());
String requestUri = "/path";
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
Reported by PMD.
Line: 54
@Test
public void doFilterWhenNotConfigurationRequestThenNotProcessed() throws Exception {
OidcProviderConfigurationEndpointFilter filter =
new OidcProviderConfigurationEndpointFilter(ProviderSettings.builder().build());
String requestUri = "/path";
MockHttpServletRequest request = new MockHttpServletRequest("GET", requestUri);
request.setServletPath(requestUri);
MockHttpServletResponse response = new MockHttpServletResponse();
Reported by PMD.
Line: 64
filter.doFilter(request, response, filterChain);
verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
}
@Test
public void doFilterWhenConfigurationRequestPostThenNotProcessed() throws Exception {
OidcProviderConfigurationEndpointFilter filter =
Reported by PMD.
Line: 68
}
@Test
public void doFilterWhenConfigurationRequestPostThenNotProcessed() throws Exception {
OidcProviderConfigurationEndpointFilter filter =
new OidcProviderConfigurationEndpointFilter(ProviderSettings.builder().build());
String requestUri = DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI;
MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri);
Reported by PMD.
Line: 70
@Test
public void doFilterWhenConfigurationRequestPostThenNotProcessed() throws Exception {
OidcProviderConfigurationEndpointFilter filter =
new OidcProviderConfigurationEndpointFilter(ProviderSettings.builder().build());
String requestUri = DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI;
MockHttpServletRequest request = new MockHttpServletRequest("POST", requestUri);
request.setServletPath(requestUri);
MockHttpServletResponse response = new MockHttpServletResponse();
Reported by PMD.
Line: 80
filter.doFilter(request, response, filterChain);
verify(filterChain).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));
}
@Test
public void doFilterWhenConfigurationRequestThenConfigurationResponse() throws Exception {
String authorizationEndpoint = "/oauth2/v1/authorize";
Reported by PMD.
Line: 84
}
@Test
public void doFilterWhenConfigurationRequestThenConfigurationResponse() throws Exception {
String authorizationEndpoint = "/oauth2/v1/authorize";
String tokenEndpoint = "/oauth2/v1/token";
String jwkSetEndpoint = "/oauth2/v1/jwks";
ProviderSettings providerSettings = ProviderSettings.builder()
Reported by PMD.
Line: 84
}
@Test
public void doFilterWhenConfigurationRequestThenConfigurationResponse() throws Exception {
String authorizationEndpoint = "/oauth2/v1/authorize";
String tokenEndpoint = "/oauth2/v1/token";
String jwkSetEndpoint = "/oauth2/v1/jwks";
ProviderSettings providerSettings = ProviderSettings.builder()
Reported by PMD.