automated code formatting and cleanup

openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java

@@ -16,6 +16,8 @@
  *******************************************************************************/
 package org.mitre.oauth2.introspectingfilter;
 
+import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
+
 import java.io.IOException;
 import java.net.URI;
 import java.util.Calendar;
@@ -54,8 +56,6 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.nimbusds.jose.util.Base64;
 
-import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC;
-
 /**
  * This ResourceServerTokenServices implementation introspects incoming tokens at a
  * server's introspection endpoint URL and passes an Authentication object along

openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java

@@ -345,11 +345,11 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 
 		if(httpClient == null) {
 			httpClient = HttpClientBuilder.create()
-										  .useSystemProperties()
+					.useSystemProperties()
-										  .setDefaultRequestConfig(RequestConfig.custom()
+					.setDefaultRequestConfig(RequestConfig.custom()
-																				.setSocketTimeout(httpSocketTimeout)
+							.setSocketTimeout(httpSocketTimeout)
-																				.build())
+							.build())
-										  .build();
+					.build();
 		}
 
 		HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(httpClient);

openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java

@@ -90,6 +90,7 @@ public class UserInfoFetcher {
 			this.factory = new HttpComponentsClientHttpRequestFactory(httpClient);
 		}
 
+		@Override
 		public UserInfo load(final PendingOIDCAuthenticationToken token) throws URISyntaxException {
 
 			ServerConfiguration serverConfiguration = token.getServerConfiguration();

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/RegisteredClientService.java

@@ -19,8 +19,6 @@
  */
 package org.mitre.openid.connect.client.service;
 
-import java.util.List;
-
 import org.mitre.oauth2.model.RegisteredClient;
 
 /**

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java

@@ -19,6 +19,13 @@
  */
 package org.mitre.openid.connect.client.service.impl;
 
+import static org.mitre.util.JsonUtils.getAsBoolean;
+import static org.mitre.util.JsonUtils.getAsEncryptionMethodList;
+import static org.mitre.util.JsonUtils.getAsJweAlgorithmList;
+import static org.mitre.util.JsonUtils.getAsJwsAlgorithmList;
+import static org.mitre.util.JsonUtils.getAsString;
+import static org.mitre.util.JsonUtils.getAsStringList;
+
 import java.util.HashSet;
 import java.util.Set;
 import java.util.concurrent.ExecutionException;
@@ -41,13 +48,6 @@ import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 
-import static org.mitre.util.JsonUtils.getAsBoolean;
-import static org.mitre.util.JsonUtils.getAsEncryptionMethodList;
-import static org.mitre.util.JsonUtils.getAsJweAlgorithmList;
-import static org.mitre.util.JsonUtils.getAsJwsAlgorithmList;
-import static org.mitre.util.JsonUtils.getAsString;
-import static org.mitre.util.JsonUtils.getAsStringList;
-
 /**
  *
  * Dynamically fetches OpenID Connect server configurations based on the issuer. Caches the server configurations.
@@ -133,9 +133,9 @@ public class DynamicServerConfigurationService implements ServerConfigurationSer
 		private HttpComponentsClientHttpRequestFactory httpFactory;
 		private JsonParser parser = new JsonParser();
 
-        OpenIDConnectServiceConfigurationFetcher(HttpClient httpClient) {
+		OpenIDConnectServiceConfigurationFetcher(HttpClient httpClient) {
-            this.httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
+			this.httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
-        }
+		}
 
 		@Override
 		public ServerConfiguration load(String issuer) throws Exception {

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/JsonFileRegisteredClientService.java

@@ -55,20 +55,20 @@ public class JsonFileRegisteredClientService implements RegisteredClientService
 	private static final Logger logger = LoggerFactory.getLogger(JsonFileRegisteredClientService.class);
 
 	private Gson gson = new GsonBuilder()
-	.registerTypeAdapter(RegisteredClient.class, new JsonSerializer<RegisteredClient>() {
+			.registerTypeAdapter(RegisteredClient.class, new JsonSerializer<RegisteredClient>() {
-		@Override
+				@Override
-		public JsonElement serialize(RegisteredClient src, Type typeOfSrc, JsonSerializationContext context) {
+				public JsonElement serialize(RegisteredClient src, Type typeOfSrc, JsonSerializationContext context) {
-			return ClientDetailsEntityJsonProcessor.serialize(src);
+					return ClientDetailsEntityJsonProcessor.serialize(src);
-		}
+				}
-	})
+			})
-	.registerTypeAdapter(RegisteredClient.class, new JsonDeserializer<RegisteredClient>() {
+			.registerTypeAdapter(RegisteredClient.class, new JsonDeserializer<RegisteredClient>() {
-		@Override
+				@Override
-		public RegisteredClient deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
+				public RegisteredClient deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
-			return ClientDetailsEntityJsonProcessor.parseRegistered(json);
+					return ClientDetailsEntityJsonProcessor.parseRegistered(json);
-		}
+				}
-	})
+			})
-	.setPrettyPrinting()
+			.setPrettyPrinting()
-	.create();
+			.create();
 
 	private File file;
 

openid-connect-client/src/test/java/org/mitre/openid/connect/client/TestOIDCAuthenticationFilter.java

@@ -1,11 +1,5 @@
 package org.mitre.openid.connect.client;
 
-import static org.hamcrest.CoreMatchers.instanceOf;
-import static org.hamcrest.CoreMatchers.is;
-import static org.junit.Assert.assertThat;
-import static org.junit.Assert.fail;
-import static org.mockito.Mockito.mock;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -13,6 +7,14 @@ import org.junit.Test;
 import org.mockito.Mockito;
 import org.springframework.security.authentication.AuthenticationServiceException;
 
+import static org.hamcrest.CoreMatchers.instanceOf;
+import static org.hamcrest.CoreMatchers.is;
+
+import static org.mockito.Mockito.mock;
+
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.fail;
+
 public class TestOIDCAuthenticationFilter {
 
 	private OIDCAuthenticationFilter filter = new OIDCAuthenticationFilter();

openid-connect-common/src/main/java/org/mitre/data/AbstractPageOperationTemplate.java

@@ -1,12 +1,12 @@
 package org.mitre.data;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 /**
  * Abstract class for performing an operation on a potentially large
  * number of items by paging through the items in discreet chunks.
@@ -16,162 +16,162 @@ import java.util.Set;
  */
 public abstract class AbstractPageOperationTemplate<T> {
 
-    private static final Logger logger = LoggerFactory.getLogger(AbstractPageOperationTemplate.class);
+	private static final Logger logger = LoggerFactory.getLogger(AbstractPageOperationTemplate.class);
 
-    private static int DEFAULT_MAX_PAGES = 1000;
+	private static int DEFAULT_MAX_PAGES = 1000;
-    private static long DEFAULT_MAX_TIME_MILLIS = 600000L; //10 Minutes
+	private static long DEFAULT_MAX_TIME_MILLIS = 600000L; //10 Minutes
 
-    /**
+	/**
-     * int specifying the maximum number of
+	 * int specifying the maximum number of
-     * pages which should be fetched before
+	 * pages which should be fetched before
-     * execution should terminate
+	 * execution should terminate
-     */
+	 */
-    private int maxPages;
+	private int maxPages;
 
-    /**
+	/**
-     * long specifying the maximum execution time
+	 * long specifying the maximum execution time
-     * in milliseconds
+	 * in milliseconds
-     */
+	 */
-    private long maxTime;
+	private long maxTime;
 
-    /**
+	/**
-     * boolean specifying whether or not Exceptions
+	 * boolean specifying whether or not Exceptions
-     * incurred performing the operation should be
+	 * incurred performing the operation should be
-     * swallowed during execution default true.
+	 * swallowed during execution default true.
-     */
+	 */
-    private boolean swallowExceptions = true;
+	private boolean swallowExceptions = true;
 
-    /**
+	/**
-     * String that is used for logging in final tallies.
+	 * String that is used for logging in final tallies.
-     */
+	 */
-    private String operationName = "";
+	private String operationName = "";
 
 
-    /**
+	/**
-     * default constructor which sets the value of
+	 * default constructor which sets the value of
-     * maxPages and maxTime to DEFAULT_MAX_PAGES and
+	 * maxPages and maxTime to DEFAULT_MAX_PAGES and
-     * DEFAULT_MAX_TIME_MILLIS respectively
+	 * DEFAULT_MAX_TIME_MILLIS respectively
-     */
+	 */
-    public AbstractPageOperationTemplate(String operationName){
+	public AbstractPageOperationTemplate(String operationName){
-        this(DEFAULT_MAX_PAGES, DEFAULT_MAX_TIME_MILLIS, operationName);
+		this(DEFAULT_MAX_PAGES, DEFAULT_MAX_TIME_MILLIS, operationName);
-    }
+	}
 
-    /**
+	/**
-     * Instantiates a new AbstractPageOperationTemplate with the
+	 * Instantiates a new AbstractPageOperationTemplate with the
-     * given maxPages and maxTime
+	 * given maxPages and maxTime
-     *
+	 *
-     * @param maxPages the maximum number of pages to fetch.
+	 * @param maxPages the maximum number of pages to fetch.
-     * @param maxTime the maximum execution time.
+	 * @param maxTime the maximum execution time.
-     */
+	 */
-    public AbstractPageOperationTemplate(int maxPages, long maxTime, String operationName){
+	public AbstractPageOperationTemplate(int maxPages, long maxTime, String operationName){
-        this.maxPages = maxPages;
+		this.maxPages = maxPages;
-        this.maxTime = maxTime;
+		this.maxTime = maxTime;
-        this.operationName = operationName;
+		this.operationName = operationName;
-    }
+	}
 
-    /**
+	/**
-     * Execute the operation on each member of a page of results
+	 * Execute the operation on each member of a page of results
-     * retrieved through the fetch method. the method will execute
+	 * retrieved through the fetch method. the method will execute
-     * until either the maxPages or maxTime limit is reached or until
+	 * until either the maxPages or maxTime limit is reached or until
-     * the fetch method returns no more results. Exceptions thrown
+	 * the fetch method returns no more results. Exceptions thrown
-     * performing the operation on the item will be swallowed if the
+	 * performing the operation on the item will be swallowed if the
-     * swallowException (default true) field is set true.
+	 * swallowException (default true) field is set true.
-     */
+	 */
-    public void execute(){
+	public void execute(){
-        logger.debug("[" + getOperationName() +  "] Starting execution of paged operation. maximum time: " + maxTime + ", maximum pages: " + maxPages);
+		logger.debug("[" + getOperationName() +  "] Starting execution of paged operation. maximum time: " + maxTime + ", maximum pages: " + maxPages);
 
-        long startTime = System.currentTimeMillis();
+		long startTime = System.currentTimeMillis();
-        long executionTime = 0;
+		long executionTime = 0;
-        int i = 0;
+		int i = 0;
 
-        int exceptionsSwallowedCount = 0;
+		int exceptionsSwallowedCount = 0;
-        int operationsCompleted = 0;
+		int operationsCompleted = 0;
-        Set<String> exceptionsSwallowedClasses = new HashSet<String>();
+		Set<String> exceptionsSwallowedClasses = new HashSet<String>();
 
 
-        while (i< maxPages && executionTime < maxTime){
+		while (i< maxPages && executionTime < maxTime){
-            Collection<T> page = fetchPage();
+			Collection<T> page = fetchPage();
-            if(page == null || page.size() == 0){
+			if(page == null || page.size() == 0){
-                break;
+				break;
-            }
+			}
 
-            for (T item : page) {
+			for (T item : page) {
-                try {
+				try {
-                    doOperation(item);
+					doOperation(item);
-                    operationsCompleted++;
+					operationsCompleted++;
-                } catch (Exception e){
+				} catch (Exception e){
-                    if(swallowExceptions){
+					if(swallowExceptions){
-                        exceptionsSwallowedCount++;
+						exceptionsSwallowedCount++;
-                        exceptionsSwallowedClasses.add(e.getClass().getName());
+						exceptionsSwallowedClasses.add(e.getClass().getName());
-                        logger.debug("Swallowing exception " + e.getMessage(), e);
+						logger.debug("Swallowing exception " + e.getMessage(), e);
-                    } else {
+					} else {
-                        logger.debug("Rethrowing exception " + e.getMessage());
+						logger.debug("Rethrowing exception " + e.getMessage());
-                        throw e;
+						throw e;
-                    }
+					}
-                }
+				}
-            }
+			}
 
-            i++;
+			i++;
-            executionTime = System.currentTimeMillis() - startTime;
+			executionTime = System.currentTimeMillis() - startTime;
-        }
+		}
 
-        finalReport(operationsCompleted, exceptionsSwallowedCount, exceptionsSwallowedClasses);
+		finalReport(operationsCompleted, exceptionsSwallowedCount, exceptionsSwallowedClasses);
-    }
+	}
 
 
 
-    /**
+	/**
-     * method responsible for fetching
+	 * method responsible for fetching
-     * a page of items.
+	 * a page of items.
-     *
+	 *
-     * @return the collection of items
+	 * @return the collection of items
-     */
+	 */
-    public abstract Collection<T> fetchPage();
+	public abstract Collection<T> fetchPage();
 
-    /**
+	/**
-     * method responsible for performing desired
+	 * method responsible for performing desired
-     * operation on a fetched page item.
+	 * operation on a fetched page item.
-     *
+	 *
-     * @param item the item
+	 * @param item the item
-     */
+	 */
-    protected abstract void doOperation(T item);
+	protected abstract void doOperation(T item);
 
-    /**
+	/**
-     * Method responsible for final report of progress.
+	 * Method responsible for final report of progress.
-     * @return
+	 * @return
-     */
+	 */
-    protected void finalReport(int operationsCompleted, int exceptionsSwallowedCount, Set<String> exceptionsSwallowedClasses) {
+	protected void finalReport(int operationsCompleted, int exceptionsSwallowedCount, Set<String> exceptionsSwallowedClasses) {
-    	if (operationsCompleted > 0 || exceptionsSwallowedCount > 0) {
+		if (operationsCompleted > 0 || exceptionsSwallowedCount > 0) {
-    		logger.info("[" + getOperationName() +  "] Paged operation run: completed " + operationsCompleted + "; swallowed " + exceptionsSwallowedCount + " exceptions");
+			logger.info("[" + getOperationName() +  "] Paged operation run: completed " + operationsCompleted + "; swallowed " + exceptionsSwallowedCount + " exceptions");
-    	}
+		}
-    	for(String className:  exceptionsSwallowedClasses) {
+		for(String className:  exceptionsSwallowedClasses) {
-    		logger.warn("[" + getOperationName() +  "] Paged operation swallowed at least one exception of type " + className);
+			logger.warn("[" + getOperationName() +  "] Paged operation swallowed at least one exception of type " + className);
-    	}
+		}
-    }
+	}
 
-    public int getMaxPages() {
+	public int getMaxPages() {
-        return maxPages;
+		return maxPages;
-    }
+	}
 
-    public void setMaxPages(int maxPages) {
+	public void setMaxPages(int maxPages) {
-        this.maxPages = maxPages;
+		this.maxPages = maxPages;
-    }
+	}
 
-    public long getMaxTime() {
+	public long getMaxTime() {
-        return maxTime;
+		return maxTime;
-    }
+	}
 
-    public void setMaxTime(long maxTime) {
+	public void setMaxTime(long maxTime) {
-        this.maxTime = maxTime;
+		this.maxTime = maxTime;
-    }
+	}
 
-    public boolean isSwallowExceptions() {
+	public boolean isSwallowExceptions() {
-        return swallowExceptions;
+		return swallowExceptions;
-    }
+	}
 
-    public void setSwallowExceptions(boolean swallowExceptions) {
+	public void setSwallowExceptions(boolean swallowExceptions) {
-        this.swallowExceptions = swallowExceptions;
+		this.swallowExceptions = swallowExceptions;
-    }
+	}
 
 
 	/**

openid-connect-common/src/main/java/org/mitre/data/DefaultPageCriteria.java

@@ -8,28 +8,28 @@ package org.mitre.data;
  */
 public class DefaultPageCriteria implements PageCriteria {
 
-    private static final int DEFAULT_PAGE_NUMBER = 0;
+	private static final int DEFAULT_PAGE_NUMBER = 0;
-    private static final int DEFAULT_PAGE_SIZE = 100;
+	private static final int DEFAULT_PAGE_SIZE = 100;
 
-    private int pageNumber;
+	private int pageNumber;
-    private int pageSize;
+	private int pageSize;
 
-    public DefaultPageCriteria(){
+	public DefaultPageCriteria(){
-        this(DEFAULT_PAGE_NUMBER, DEFAULT_PAGE_SIZE);
+		this(DEFAULT_PAGE_NUMBER, DEFAULT_PAGE_SIZE);
-    }
+	}
 
-    public DefaultPageCriteria(int pageNumber, int pageSize) {
+	public DefaultPageCriteria(int pageNumber, int pageSize) {
-        this.pageNumber = pageNumber;
+		this.pageNumber = pageNumber;
-        this.pageSize = pageSize;
+		this.pageSize = pageSize;
-    }
+	}
 
-    @Override
+	@Override
-    public int getPageNumber() {
+	public int getPageNumber() {
-        return pageNumber;
+		return pageNumber;
-    }
+	}
 
-    @Override
+	@Override
-    public int getPageSize() {
+	public int getPageSize() {
-        return pageSize;
+		return pageSize;
-    }
+	}
 }

openid-connect-common/src/main/java/org/mitre/data/PageCriteria.java

@@ -8,6 +8,6 @@ package org.mitre.data;
  */
 public interface PageCriteria {
 
-    public int getPageNumber();
+	public int getPageNumber();
-    public int getPageSize();
+	public int getPageSize();
 }

openid-connect-common/src/main/java/org/mitre/jwt/encryption/service/impl/DefaultJWTEncryptionAndDecryptionService.java

@@ -45,7 +45,6 @@ import com.nimbusds.jose.crypto.ECDHEncrypter;
 import com.nimbusds.jose.crypto.RSADecrypter;
 import com.nimbusds.jose.crypto.RSAEncrypter;
 import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
-import com.nimbusds.jose.jca.JCAContext;
 import com.nimbusds.jose.jwk.ECKey;
 import com.nimbusds.jose.jwk.JWK;
 import com.nimbusds.jose.jwk.OctetSequenceKey;

openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJWTSigningAndValidationService.java

@@ -17,8 +17,6 @@
 package org.mitre.jwt.signer.service.impl;
 
 import java.security.NoSuchAlgorithmException;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.ECPublicKey;
 import java.security.spec.InvalidKeySpecException;
 import java.util.Collection;
 import java.util.HashMap;

openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java

@@ -57,7 +57,6 @@ import org.mitre.oauth2.model.convert.SimpleGrantedAuthorityStringConverter;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.provider.ClientDetails;
 
-import com.nimbusds.jose.Algorithm;
 import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWSAlgorithm;

openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java

@@ -41,7 +41,6 @@ import javax.persistence.ManyToOne;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
 import javax.persistence.OneToMany;
-import javax.persistence.OneToOne;
 import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.Transient;
@@ -297,7 +296,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 			name = "access_token_permissions",
 			joinColumns = @JoinColumn(name = "access_token_id"),
 			inverseJoinColumns = @JoinColumn(name = "permission_id")
-	)
+			)
 	public Set<Permission> getPermissions() {
 		return permissions;
 	}

openid-connect-common/src/main/java/org/mitre/oauth2/model/PKCEAlgorithm.java

@@ -26,6 +26,11 @@ import com.nimbusds.jose.Requirement;
  */
 public final class PKCEAlgorithm extends Algorithm {
 
+	/**
+	 *
+	 */
+	private static final long serialVersionUID = 7752852583210088925L;
+
 	public static final PKCEAlgorithm plain = new PKCEAlgorithm("plain", Requirement.REQUIRED);
 
 	public static final PKCEAlgorithm S256 = new PKCEAlgorithm("S256", Requirement.OPTIONAL);

openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java

@@ -28,7 +28,6 @@ import javax.persistence.Id;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
 import javax.persistence.Table;
-import javax.persistence.Transient;
 
 /**
  * @author jricher

openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java

@@ -32,5 +32,5 @@ public interface AuthenticationHolderRepository {
 
 	public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders();
 
-    public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(PageCriteria pageCriteria);
+	public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(PageCriteria pageCriteria);
 }

openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java

@@ -57,10 +57,10 @@ public interface AuthorizationCodeRepository {
 	 */
 	public Collection<AuthorizationCodeEntity> getExpiredCodes();
 
-    /**
+	/**
-     * @return A collection of all expired codes, limited by the given
+	 * @return A collection of all expired codes, limited by the given
-     * PageCriteria.
+	 * PageCriteria.
-     */
+	 */
-    public Collection<AuthorizationCodeEntity> getExpiredCodes(PageCriteria pageCriteria);
+	public Collection<AuthorizationCodeEntity> getExpiredCodes(PageCriteria pageCriteria);
 
 }

openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java

@@ -58,36 +58,36 @@ public interface OAuth2TokenRepository {
 
 	public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens();
 
-    public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens(PageCriteria pageCriteria);
+	public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens(PageCriteria pageCriteria);
 
 	public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens();
 
-    public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria);
+	public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria);
 
 	public Set<OAuth2AccessTokenEntity> getAccessTokensForResourceSet(ResourceSet rs);
 
-    /**
+	/**
-     * removes duplicate access tokens.
+	 * removes duplicate access tokens.
-     *
+	 *
-     * @deprecated this method was added to return the remove duplicate access tokens values
+	 * @deprecated this method was added to return the remove duplicate access tokens values
-     * so that {code removeAccessToken(OAuth2AccessTokenEntity o)} would not to fail. the
+	 * so that {code removeAccessToken(OAuth2AccessTokenEntity o)} would not to fail. the
-     * removeAccessToken method has been updated so as it will not fail in the event that an
+	 * removeAccessToken method has been updated so as it will not fail in the event that an
-     * accessToken has been duplicated, so this method is unnecessary.
+	 * accessToken has been duplicated, so this method is unnecessary.
-     *
+	 *
-     */
+	 */
-    @Deprecated
+	@Deprecated
 	public void clearDuplicateAccessTokens();
 
-    /**
+	/**
-     * removes duplicate refresh tokens.
+	 * removes duplicate refresh tokens.
-     *
+	 *
-     * @deprecated this method was added to return the remove duplicate refresh token value
+	 * @deprecated this method was added to return the remove duplicate refresh token value
-     * so that {code removeRefreshToken(OAuth2RefreshTokenEntity o)} would not to fail. the
+	 * so that {code removeRefreshToken(OAuth2RefreshTokenEntity o)} would not to fail. the
-     * removeRefreshToken method has been updated so as it will not fail in the event that
+	 * removeRefreshToken method has been updated so as it will not fail in the event that
-     * refreshToken has been duplicated, so this method is unnecessary.
+	 * refreshToken has been duplicated, so this method is unnecessary.
-     *
+	 *
-     */
+	 */
-    @Deprecated
+	@Deprecated
 	public void clearDuplicateRefreshTokens();
 
 	public List<OAuth2AccessTokenEntity> getAccessTokensForApprovedSite(ApprovedSite approvedSite);

openid-connect-common/src/main/java/org/mitre/oauth2/repository/impl/DeviceCodeRepository.java

@@ -18,7 +18,6 @@
 package org.mitre.oauth2.repository.impl;
 
 import java.util.Collection;
-import java.util.Set;
 
 import org.mitre.oauth2.model.DeviceCode;
 

openid-connect-common/src/main/java/org/mitre/oauth2/service/DeviceCodeService.java

@@ -24,7 +24,6 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.DeviceCode;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.oauth2.provider.OAuth2Request;
 
 /**
  * @author jricher

openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java

@@ -39,10 +39,10 @@ public interface SystemScopeService {
 	public static final String UMA_AUTHORIZATION_SCOPE = "uma_authorization";
 
 	public static final Set<SystemScope> reservedScopes =
-		Sets.newHashSet(
+			Sets.newHashSet(
-			new SystemScope(REGISTRATION_TOKEN_SCOPE),
+					new SystemScope(REGISTRATION_TOKEN_SCOPE),
-			new SystemScope(RESOURCE_TOKEN_SCOPE)
+					new SystemScope(RESOURCE_TOKEN_SCOPE)
-		);
+					);
 
 	public Set<SystemScope> getAll();
 

openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultClientUserDetailsService.java

@@ -66,7 +66,7 @@ public class DefaultClientUserDetailsService implements UserDetailsService {
 
 				if (config.isHeartMode() || // if we're running HEART mode turn off all client secrets
 						(client.getTokenEndpointAuthMethod() != null &&
-							(client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) ||
+						(client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) ||
 								client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT)))) {
 
 					// Issue a random password each time to prevent password auth from being used (or skipped)

openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java

@@ -215,8 +215,8 @@ public class ClientDetailsEntityJsonProcessor {
 			String softwareStatement = getAsString(o,  SOFTWARE_STATEMENT);
 			if (!Strings.isNullOrEmpty(softwareStatement)) {
 				try {
-						JWT softwareStatementJwt = JWTParser.parse(softwareStatement);
+					JWT softwareStatementJwt = JWTParser.parse(softwareStatement);
-						c.setSoftwareStatement(softwareStatementJwt);
+					c.setSoftwareStatement(softwareStatementJwt);
 				} catch (ParseException e) {
 					logger.warn("Error parsing software statement", e);
 					return null;

openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationBeanLocaleResolver.java

@@ -28,7 +28,6 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.i18n.LocaleContext;
 import org.springframework.context.i18n.TimeZoneAwareLocaleContext;
-import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.i18n.AbstractLocaleContextResolver;
 
 /**

openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java

@@ -64,11 +64,11 @@ public class ConfigurationPropertiesBean {
 
 	private List<String> languageNamespaces = Lists.newArrayList("messages");
 
-    private boolean dualClient = false;
+	private boolean dualClient = false;
 
-    private boolean heartMode = false;
+	private boolean heartMode = false;
 
-    public ConfigurationPropertiesBean() {
+	public ConfigurationPropertiesBean() {
 
 	}
 
@@ -211,37 +211,37 @@ public class ConfigurationPropertiesBean {
 	}
 
 	/**
-     * @return true if dual client is configured, otherwise false
+	 * @return true if dual client is configured, otherwise false
-     */
+	 */
-    public boolean isDualClient() {
+	public boolean isDualClient() {
-    	if (isHeartMode()) {
+		if (isHeartMode()) {
-    		return false; // HEART mode is incompatible with dual client mode
+			return false; // HEART mode is incompatible with dual client mode
-    	} else {
+		} else {
-    		return dualClient;
+			return dualClient;
-    	}
+		}
-    }
+	}
 
-    /**
+	/**
-     * @param dualClient the dual client configuration
+	 * @param dualClient the dual client configuration
-     */
+	 */
-    public void setDualClient(boolean dualClient) {
+	public void setDualClient(boolean dualClient) {
-        this.dualClient = dualClient;
+		this.dualClient = dualClient;
-    }
+	}
 
-    /**
+	/**
-     * Get the list of namespaces as a JSON string, for injection into the JavaScript UI
+	 * Get the list of namespaces as a JSON string, for injection into the JavaScript UI
-     * @return
+	 * @return
-     */
+	 */
-    public String getLanguageNamespacesString() {
+	public String getLanguageNamespacesString() {
-    	return new Gson().toJson(getLanguageNamespaces());
+		return new Gson().toJson(getLanguageNamespaces());
-    }
+	}
 
-    /**
+	/**
-     * Get the default namespace (first in the nonempty list)
+	 * Get the default namespace (first in the nonempty list)
-     */
+	 */
-    public String getDefaultLanguageNamespace() {
+	public String getDefaultLanguageNamespace() {
-    	return getLanguageNamespaces().get(0);
+		return getLanguageNamespaces().get(0);
-    }
+	}
 
 	/**
 	 * @return the heartMode

openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java

@@ -20,7 +20,6 @@ import java.util.Date;
 import java.util.Set;
 
 import javax.persistence.Basic;
-import javax.persistence.CascadeType;
 import javax.persistence.CollectionTable;
 import javax.persistence.Column;
 import javax.persistence.ElementCollection;
@@ -32,15 +31,10 @@ import javax.persistence.Id;
 import javax.persistence.JoinColumn;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
-import javax.persistence.OneToMany;
 import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.Transient;
 
-import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
-
-import com.google.common.collect.Sets;
-
 @Entity
 @Table(name="approved_site")
 @NamedQueries({

openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultAddress.java

@@ -16,8 +16,6 @@
  *******************************************************************************/
 package org.mitre.openid.connect.model;
 
-import java.io.Serializable;
-
 import javax.persistence.Basic;
 import javax.persistence.Column;
 import javax.persistence.Entity;
@@ -63,6 +61,7 @@ public class DefaultAddress implements Address {
 	/**
 	 * @return the formatted address string
 	 */
+	@Override
 	@Basic
 	@Column(name = "formatted")
 	public String getFormatted() {
@@ -71,12 +70,14 @@ public class DefaultAddress implements Address {
 	/**
 	 * @param formatted the formatted address to set
 	 */
+	@Override
 	public void setFormatted(String formatted) {
 		this.formatted = formatted;
 	}
 	/**
 	 * @return the streetAddress
 	 */
+	@Override
 	@Basic
 	@Column(name="street_address")
 	public String getStreetAddress() {
@@ -85,12 +86,14 @@ public class DefaultAddress implements Address {
 	/**
 	 * @param streetAddress the streetAddress to set
 	 */
+	@Override
 	public void setStreetAddress(String streetAddress) {
 		this.streetAddress = streetAddress;
 	}
 	/**
 	 * @return the locality
 	 */
+	@Override
 	@Basic
 	@Column(name = "locality")
 	public String getLocality() {
@@ -99,12 +102,14 @@ public class DefaultAddress implements Address {
 	/**
 	 * @param locality the locality to set
 	 */
+	@Override
 	public void setLocality(String locality) {
 		this.locality = locality;
 	}
 	/**
 	 * @return the region
 	 */
+	@Override
 	@Basic
 	@Column(name = "region")
 	public String getRegion() {
@@ -113,12 +118,14 @@ public class DefaultAddress implements Address {
 	/**
 	 * @param region the region to set
 	 */
+	@Override
 	public void setRegion(String region) {
 		this.region = region;
 	}
 	/**
 	 * @return the postalCode
 	 */
+	@Override
 	@Basic
 	@Column(name="postal_code")
 	public String getPostalCode() {
@@ -127,12 +134,14 @@ public class DefaultAddress implements Address {
 	/**
 	 * @param postalCode the postalCode to set
 	 */
+	@Override
 	public void setPostalCode(String postalCode) {
 		this.postalCode = postalCode;
 	}
 	/**
 	 * @return the country
 	 */
+	@Override
 	@Basic
 	@Column(name = "country")
 	public String getCountry() {
@@ -141,6 +150,7 @@ public class DefaultAddress implements Address {
 	/**
 	 * @param country the country to set
 	 */
+	@Override
 	public void setCountry(String country) {
 		this.country = country;
 	}
@@ -148,6 +158,7 @@ public class DefaultAddress implements Address {
 	/**
 	 * @return the id
 	 */
+	@Override
 	@Id
 	@GeneratedValue(strategy=GenerationType.IDENTITY)
 	@Column(name = "id")

openid-connect-common/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java

@@ -51,13 +51,13 @@ import com.google.gson.JsonSerializer;
 public class UserInfoInterceptor extends HandlerInterceptorAdapter {
 
 	private Gson gson = new GsonBuilder()
-	.registerTypeHierarchyAdapter(GrantedAuthority.class, new JsonSerializer<GrantedAuthority>() {
+			.registerTypeHierarchyAdapter(GrantedAuthority.class, new JsonSerializer<GrantedAuthority>() {
-		@Override
+				@Override
-		public JsonElement serialize(GrantedAuthority src, Type typeOfSrc, JsonSerializationContext context) {
+				public JsonElement serialize(GrantedAuthority src, Type typeOfSrc, JsonSerializationContext context) {
-			return new JsonPrimitive(src.getAuthority());
+					return new JsonPrimitive(src.getAuthority());
-		}
+				}
-	})
+			})
-	.create();
+			.create();
 
 	@Autowired (required = false)
 	private UserInfoService userInfoService;

openid-connect-common/src/main/java/org/mitre/uma/model/Claim.java

@@ -118,9 +118,9 @@ public class Claim {
 	@ElementCollection(fetch = FetchType.EAGER)
 	@Column(name = "claim_token_format")
 	@CollectionTable(
-		name = "claim_token_format",
+			name = "claim_token_format",
-		joinColumns = @JoinColumn(name = "owner_id")
+			joinColumns = @JoinColumn(name = "owner_id")
-	)
+			)
 	public Set<String> getClaimTokenFormat() {
 		return claimTokenFormat;
 	}
@@ -137,9 +137,9 @@ public class Claim {
 	@ElementCollection(fetch = FetchType.EAGER)
 	@Column(name = "issuer")
 	@CollectionTable(
-		name = "claim_issuer",
+			name = "claim_issuer",
-		joinColumns = @JoinColumn(name = "owner_id")
+			joinColumns = @JoinColumn(name = "owner_id")
-	)
+			)
 	public Set<String> getIssuer() {
 		return issuer;
 	}

openid-connect-common/src/main/java/org/mitre/uma/model/Permission.java

@@ -81,9 +81,9 @@ public class Permission {
 	@ElementCollection(fetch = FetchType.EAGER)
 	@Column(name = "scope")
 	@CollectionTable(
-		name = "permission_scope",
+			name = "permission_scope",
-		joinColumns = @JoinColumn(name = "owner_id")
+			joinColumns = @JoinColumn(name = "owner_id")
-	)
+			)
 	public Set<String> getScopes() {
 		return scopes;
 	}

openid-connect-common/src/main/java/org/mitre/uma/model/PermissionTicket.java

@@ -141,7 +141,7 @@ public class PermissionTicket {
 			name = "claim_to_permission_ticket",
 			joinColumns = @JoinColumn(name = "permission_ticket_id"),
 			inverseJoinColumns = @JoinColumn(name = "claim_id")
-	)
+			)
 	public Collection<Claim> getClaimsSupplied() {
 		return claimsSupplied;
 	}

openid-connect-common/src/main/java/org/mitre/uma/model/Policy.java

@@ -109,9 +109,9 @@ public class Policy {
 	@ElementCollection(fetch = FetchType.EAGER)
 	@Column(name = "scope")
 	@CollectionTable(
-		name = "policy_scope",
+			name = "policy_scope",
-		joinColumns = @JoinColumn(name = "owner_id")
+			joinColumns = @JoinColumn(name = "owner_id")
-	)
+			)
 	public Set<String> getScopes() {
 		return scopes;
 	}

openid-connect-common/src/main/java/org/mitre/uma/model/ResourceSet.java

@@ -137,9 +137,9 @@ public class ResourceSet {
 	@ElementCollection(fetch = FetchType.EAGER)
 	@Column(name = "scope")
 	@CollectionTable(
-		name = "resource_set_scope",
+			name = "resource_set_scope",
-		joinColumns = @JoinColumn(name = "owner_id")
+			joinColumns = @JoinColumn(name = "owner_id")
-	)
+			)
 	public Set<String> getScopes() {
 		return scopes;
 	}

openid-connect-common/src/main/java/org/mitre/util/JsonUtils.java

@@ -287,19 +287,19 @@ public class JsonUtils {
 			String name = reader.nextName();
 			Object value = null;
 			switch(reader.peek()) {
-			case STRING:
+				case STRING:
-				value = reader.nextString();
+					value = reader.nextString();
-				break;
+					break;
-			case BOOLEAN:
+				case BOOLEAN:
-				value = reader.nextBoolean();
+					value = reader.nextBoolean();
-				break;
+					break;
-			case NUMBER:
+				case NUMBER:
-				value = reader.nextLong();
+					value = reader.nextLong();
-				break;
+					break;
-			default:
+				default:
-				logger.debug("Found unexpected entry");
+					logger.debug("Found unexpected entry");
-				reader.skipValue();
+					reader.skipValue();
-				continue;
+					continue;
 			}
 			map.put(name, value);
 		}
@@ -311,21 +311,21 @@ public class JsonUtils {
 		Set arraySet = null;
 		reader.beginArray();
 		switch (reader.peek()) {
-		case STRING:
+			case STRING:
-			arraySet = new HashSet<>();
+				arraySet = new HashSet<>();
-			while (reader.hasNext()) {
+				while (reader.hasNext()) {
-				arraySet.add(reader.nextString());
+					arraySet.add(reader.nextString());
-			}
+				}
-			break;
+				break;
-		case NUMBER:
+			case NUMBER:
-			arraySet = new HashSet<>();
+				arraySet = new HashSet<>();
-			while (reader.hasNext()) {
+				while (reader.hasNext()) {
-				arraySet.add(reader.nextLong());
+					arraySet.add(reader.nextLong());
-			}
+				}
-			break;
+				break;
-		default:
+			default:
-			arraySet = new HashSet();
+				arraySet = new HashSet();
-			break;
+				break;
 		}
 		reader.endArray();
 		return arraySet;

openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java

@@ -16,48 +16,48 @@
  *******************************************************************************/
 package org.mitre.util.jpa;
 
-import org.mitre.data.PageCriteria;
-
 import java.util.List;
 
 import javax.persistence.EntityManager;
 import javax.persistence.TypedQuery;
 
+import org.mitre.data.PageCriteria;
+
 /**
  * @author mfranklin
  *         Date: 4/28/11
  *         Time: 2:13 PM
  */
 public class JpaUtil {
-    public static <T> T getSingleResult(List<T> list) {
+	public static <T> T getSingleResult(List<T> list) {
 		switch(list.size()) {
-		case 0:
+			case 0:
-			return null;
+				return null;
-		case 1:
+			case 1:
-			return list.get(0);
+				return list.get(0);
-		default:
+			default:
-			throw new IllegalStateException("Expected single result, got " + list.size());
+				throw new IllegalStateException("Expected single result, got " + list.size());
 		}
 	}
 
 
-    /**
+	/**
-     * Get a page of results from the specified TypedQuery
+	 * Get a page of results from the specified TypedQuery
-     * by using the given PageCriteria to limit the query
+	 * by using the given PageCriteria to limit the query
-     * results. The PageCriteria will override any size or
+	 * results. The PageCriteria will override any size or
-     * offset already specified on the query.
+	 * offset already specified on the query.
-     *
+	 *
-     * @param <T>  the type parameter
+	 * @param <T>  the type parameter
-     * @param query the query
+	 * @param query the query
-     * @param pageCriteria the page criteria
+	 * @param pageCriteria the page criteria
-     * @return the list
+	 * @return the list
-     */
+	 */
-    public static <T> List<T> getResultPage(TypedQuery<T> query, PageCriteria pageCriteria){
+	public static <T> List<T> getResultPage(TypedQuery<T> query, PageCriteria pageCriteria){
-        query.setMaxResults(pageCriteria.getPageSize());
+		query.setMaxResults(pageCriteria.getPageSize());
-        query.setFirstResult(pageCriteria.getPageNumber()*pageCriteria.getPageSize());
+		query.setFirstResult(pageCriteria.getPageNumber()*pageCriteria.getPageSize());
 
-        return query.getResultList();
+		return query.getResultList();
-    }
+	}
 
 	public static <T, I> T saveOrUpdate(I id, EntityManager entityManager, T entity) {
 		T tmp = entityManager.merge(entity);

openid-connect-common/src/test/java/org/mitre/data/AbstractPageOperationTemplateTest.java

@@ -1,13 +1,13 @@
 package org.mitre.data;
 
-import org.junit.Before;
-import org.junit.Ignore;
-import org.junit.Test;
-
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Test;
+
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
@@ -17,204 +17,200 @@ import static org.junit.Assert.assertTrue;
  */
 public class AbstractPageOperationTemplateTest {
 
-    @Before
+	@Before
-    public void setUp() throws Exception {
+	public void setUp() throws Exception {
-    }
+	}
 
-    @Test(timeout = 1000L)
+	@Test(timeout = 1000L)
-    public void execute_zeropages() {
+	public void execute_zeropages() {
-        CountingPageOperation op = new CountingPageOperation(0,Long.MAX_VALUE);
+		CountingPageOperation op = new CountingPageOperation(0,Long.MAX_VALUE);
-        op.execute();
+		op.execute();
 
-        assertEquals(0L, op.counter);
+		assertEquals(0L, op.counter);
-    }
+	}
 
-    @Test(timeout = 1000L)
+	@Test(timeout = 1000L)
-    public void execute_singlepage() {
+	public void execute_singlepage() {
-        CountingPageOperation op = new CountingPageOperation(1,Long.MAX_VALUE);
+		CountingPageOperation op = new CountingPageOperation(1,Long.MAX_VALUE);
-        op.execute();
+		op.execute();
 
-        assertEquals(10L, op.counter);
+		assertEquals(10L, op.counter);
-    }
+	}
 
-    @Test(timeout = 1000L)
+	@Test(timeout = 1000L)
-    public void execute_negpage() {
+	public void execute_negpage() {
-        CountingPageOperation op = new CountingPageOperation(-1,Long.MAX_VALUE);
+		CountingPageOperation op = new CountingPageOperation(-1,Long.MAX_VALUE);
-        op.execute();
+		op.execute();
 
-        assertEquals(0L, op.counter);
+		assertEquals(0L, op.counter);
-    }
+	}
 
-    @Test(timeout = 1000L)
+	@Test(timeout = 1000L)
-    public void execute_npage(){
+	public void execute_npage(){
-        int n = 7;
+		int n = 7;
-        CountingPageOperation op = new CountingPageOperation(n,Long.MAX_VALUE);
+		CountingPageOperation op = new CountingPageOperation(n,Long.MAX_VALUE);
-        op.execute();
+		op.execute();
 
-        assertEquals(n*10L, op.counter);
+		assertEquals(n*10L, op.counter);
-    }
+	}
 
-    @Test(timeout = 1000L)
+	@Test(timeout = 1000L)
-    public void execute_nullpage(){
+	public void execute_nullpage(){
-        CountingPageOperation op = new NullPageCountingPageOperation(Integer.MAX_VALUE, Long.MAX_VALUE);
+		CountingPageOperation op = new NullPageCountingPageOperation(Integer.MAX_VALUE, Long.MAX_VALUE);
-        op.execute();
+		op.execute();
 
-        assertEquals(0L, op.getCounter());
+		assertEquals(0L, op.getCounter());
-    }
+	}
 
-    @Test(timeout = 1000L)
+	@Test(timeout = 1000L)
-    public void execute_emptypage(){
+	public void execute_emptypage(){
-        CountingPageOperation op = new EmptyPageCountingPageOperation(Integer.MAX_VALUE, Long.MAX_VALUE);
+		CountingPageOperation op = new EmptyPageCountingPageOperation(Integer.MAX_VALUE, Long.MAX_VALUE);
-        op.execute();
+		op.execute();
 
-        assertEquals(0L, op.getCounter());
+		assertEquals(0L, op.getCounter());
-    }
+	}
 
-    @Test(timeout = 1000L)
+	@Test(timeout = 1000L)
-    public void execute_zerotime(){
+	public void execute_zerotime(){
-        CountingPageOperation op = new CountingPageOperation(Integer.MAX_VALUE,0L);
+		CountingPageOperation op = new CountingPageOperation(Integer.MAX_VALUE,0L);
-        op.execute();
+		op.execute();
 
-        assertEquals(0L, op.getCounter());
+		assertEquals(0L, op.getCounter());
-        assertEquals(0L, op.getTimeToLastFetch());
+		assertEquals(0L, op.getTimeToLastFetch());
-    }
+	}
 
-    /*
+	/*
-    * This is a valid test however it is vulnerable to a race condition
+	 * This is a valid test however it is vulnerable to a race condition
-    * as such it is being ignored.
+	 * as such it is being ignored.
-     */
+	 */
-    @Test(timeout = 1000L)
+	@Test(timeout = 1000L)
-    @Ignore
+	@Ignore
-    public void execute_nonzerotime(){
+	public void execute_nonzerotime(){
-        Long timeMillis = 200L;
+		Long timeMillis = 200L;
-        CountingPageOperation op = new CountingPageOperation(Integer.MAX_VALUE,timeMillis);
+		CountingPageOperation op = new CountingPageOperation(Integer.MAX_VALUE,timeMillis);
-        op.execute();
+		op.execute();
 
-        assertFalse("last fetch time " + op.getTimeToLastFetch() + "" +
+		assertFalse("last fetch time " + op.getTimeToLastFetch() + "" +
-                        " and previous fetch time  " + op.getTimeToPreviousFetch() +
+				" and previous fetch time  " + op.getTimeToPreviousFetch() +
-                        " exceed max time" + timeMillis,
+				" exceed max time" + timeMillis,
-                op.getTimeToLastFetch() > timeMillis
+				op.getTimeToLastFetch() > timeMillis
-                        && op.getTimeToPreviousFetch() > timeMillis);
+				&& op.getTimeToPreviousFetch() > timeMillis);
-    }
+	}
 
-    @Test(timeout = 1000L)
+	@Test(timeout = 1000L)
-    public void execute_negtime(){
+	public void execute_negtime(){
-        Long timeMillis = -100L;
+		Long timeMillis = -100L;
-        CountingPageOperation op = new CountingPageOperation(Integer.MAX_VALUE,timeMillis);
+		CountingPageOperation op = new CountingPageOperation(Integer.MAX_VALUE,timeMillis);
-        op.execute();
+		op.execute();
 
-        assertEquals(0L, op.getCounter());
+		assertEquals(0L, op.getCounter());
-    }
+	}
 
-    @Test(timeout = 1000L)
+	@Test(timeout = 1000L)
-    public void execute_swallowException(){
+	public void execute_swallowException(){
-        CountingPageOperation op = new EvenExceptionCountingPageOperation(1, 1000L);
+		CountingPageOperation op = new EvenExceptionCountingPageOperation(1, 1000L);
-        op.execute();
+		op.execute();
 
-        assertTrue(op.isSwallowExceptions());
+		assertTrue(op.isSwallowExceptions());
-        assertEquals(5L, op.getCounter());
+		assertEquals(5L, op.getCounter());
-    }
+	}
 
-    @Test(expected = IllegalStateException.class)
+	@Test(expected = IllegalStateException.class)
-    public void execute_noSwallowException(){
+	public void execute_noSwallowException(){
-        CountingPageOperation op = new EvenExceptionCountingPageOperation(1, 1000L);
+		CountingPageOperation op = new EvenExceptionCountingPageOperation(1, 1000L);
-        op.setSwallowExceptions(false);
+		op.setSwallowExceptions(false);
 
-        try {
+		try {
-            op.execute();
+			op.execute();
-        }finally {
+		}finally {
-            assertEquals(1L, op.getCounter());
+			assertEquals(1L, op.getCounter());
-        }
+		}
-    }
+	}
 
 
-    private static class CountingPageOperation extends AbstractPageOperationTemplate<String>{
+	private static class CountingPageOperation extends AbstractPageOperationTemplate<String>{
 
-        private int currentPageFetch;
+		private int currentPageFetch;
-        private int pageSize = 10;
+		private int pageSize = 10;
-        private long counter = 0L;
+		private long counter = 0L;
-        private long startTime;
+		private long startTime;
-        private long timeToLastFetch;
+		private long timeToLastFetch;
-        private long timeToPreviousFetch;
+		private long timeToPreviousFetch;
 
-        private CountingPageOperation(int maxPages, long maxTime) {
+		private CountingPageOperation(int maxPages, long maxTime) {
-            super(maxPages, maxTime, "CountingPageOperation");
+			super(maxPages, maxTime, "CountingPageOperation");
-            startTime = System.currentTimeMillis();
+			startTime = System.currentTimeMillis();
-        }
+		}
 
-        @Override
+		@Override
-        public Collection<String> fetchPage() {
+		public Collection<String> fetchPage() {
-            timeToPreviousFetch = timeToLastFetch > 0 ? timeToLastFetch : 0;
+			timeToPreviousFetch = timeToLastFetch > 0 ? timeToLastFetch : 0;
-            timeToLastFetch = System.currentTimeMillis() - startTime;
+			timeToLastFetch = System.currentTimeMillis() - startTime;
 
-            List<String> page = new ArrayList<String>(pageSize);
+			List<String> page = new ArrayList<String>(pageSize);
-            for(int i = 0; i < pageSize; i++ ) {
+			for(int i = 0; i < pageSize; i++ ) {
-                page.add("item " + currentPageFetch * pageSize + i);
+				page.add("item " + currentPageFetch * pageSize + i);
-            }
+			}
-            currentPageFetch++;
+			currentPageFetch++;
-            return page;
+			return page;
-        }
+		}
 
-        @Override
+		@Override
-        protected void doOperation(String item) {
+		protected void doOperation(String item) {
-            counter++;
+			counter++;
-        }
+		}
 
-        public long getCounter() {
+		public long getCounter() {
-            return counter;
+			return counter;
-        }
+		}
 
-        public long getTimeToLastFetch() {
+		public long getTimeToLastFetch() {
-            return timeToLastFetch;
+			return timeToLastFetch;
-        }
+		}
 
-        public long getTimeToPreviousFetch() {
+		public long getTimeToPreviousFetch() {
-            return timeToPreviousFetch;
+			return timeToPreviousFetch;
-        }
+		}
+	}
 
-        public long getStartTime(){
+	private static class NullPageCountingPageOperation extends CountingPageOperation {
-            return startTime;
+		private NullPageCountingPageOperation(int maxPages, long maxTime) {
-        }
+			super(maxPages, maxTime);
-    }
+		}
 
-    private static class NullPageCountingPageOperation extends CountingPageOperation {
+		@Override
-        private NullPageCountingPageOperation(int maxPages, long maxTime) {
+		public Collection<String> fetchPage() {
-            super(maxPages, maxTime);
+			return null;
-        }
+		}
+	}
 
-        @Override
+	private static class EmptyPageCountingPageOperation extends CountingPageOperation {
-        public Collection<String> fetchPage() {
+		private EmptyPageCountingPageOperation(int maxPages, long maxTime) {
-            return null;
+			super(maxPages, maxTime);
-        }
+		}
-    }
 
-    private static class EmptyPageCountingPageOperation extends CountingPageOperation {
+		@Override
-        private EmptyPageCountingPageOperation(int maxPages, long maxTime) {
+		public Collection<String> fetchPage() {
-            super(maxPages, maxTime);
+			return new ArrayList<>(0);
-        }
+		}
+	}
 
-        @Override
+	private static class EvenExceptionCountingPageOperation extends CountingPageOperation {
-        public Collection<String> fetchPage() {
-            return new ArrayList<>(0);
-        }
-    }
 
-    private static class EvenExceptionCountingPageOperation extends CountingPageOperation {
+		private int callCounter;
+		private EvenExceptionCountingPageOperation(int maxPages, long maxTime) {
+			super(maxPages, maxTime);
+		}
 
-        private int callCounter;
+		@Override
-        private EvenExceptionCountingPageOperation(int maxPages, long maxTime) {
+		protected void doOperation(String item) {
-            super(maxPages, maxTime);
+			callCounter++;
-        }
+			if(callCounter%2 == 0){
+				throw new IllegalStateException("even number items cannot be processed");
+			}
 
-        @Override
+			super.doOperation(item);
-        protected void doOperation(String item) {
-            callCounter++;
-            if(callCounter%2 == 0){
-                throw new IllegalStateException("even number items cannot be processed");
-            }
 
-            super.doOperation(item);
+		}
-
+	}
-        }
-    }
 }

openid-connect-common/src/test/java/org/mitre/jose/TestJWKSetKeyStore.java

@@ -50,35 +50,35 @@ public class TestJWKSetKeyStore {
 	private String RSAkid = "rsa_1";
 	private JWK RSAjwk = new RSAKey(
 			new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" +
-				"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
+					"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
-				"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
+					"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
-				"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
+					"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
-				"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
+					"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
-				"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
+					"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
 			new Base64URL("AQAB"), // e
 			new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" +
-				"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
+					"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
-				"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
+					"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
-				"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
+					"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
-				"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
+					"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
-				"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
+					"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
 			KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA_OAEP, RSAkid, null, null, null);
 
 	private String RSAkid_rsa2 = "rsa_2";
 	private JWK RSAjwk_rsa2 = new RSAKey(
 			new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" +
-				"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
+					"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
-				"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
+					"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
-				"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
+					"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
-				"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
+					"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
-				"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
+					"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
 			new Base64URL("AQAB"), // e
 			new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" +
-				"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
+					"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
-				"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
+					"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
-				"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
+					"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
-				"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
+					"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
-				"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
+					"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
 			KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA1_5, RSAkid_rsa2, null, null, null);
 
 

openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJWTEncryptionAndDecryptionService.java

@@ -93,35 +93,35 @@ public class TestDefaultJWTEncryptionAndDecryptionService {
 	private String RSAkid = "rsa321";
 	private JWK RSAjwk = new RSAKey(
 			new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" +
-				"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
+					"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
-				"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
+					"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
-				"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
+					"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
-				"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
+					"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
-				"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
+					"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
 			new Base64URL("AQAB"), // e
 			new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" +
-				"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
+					"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
-				"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
+					"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
-				"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
+					"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
-				"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
+					"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
-				"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
+					"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
 			KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA_OAEP, RSAkid, null, null, null);
 
 	private String RSAkid_2 = "rsa3210";
 	private JWK RSAjwk_2 = new RSAKey(
 			new Base64URL("oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" +
-				"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
+					"cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" +
-				"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
+					"psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" +
-				"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
+					"sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" +
-				"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
+					"tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" +
-				"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
+					"YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"), // n
 			new Base64URL("AQAB"), // e
 			new Base64URL("kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" +
-				"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
+					"WV5KntaEeXS1j82E375xxhWMHXyvjYecPT9fpwR_M9gV8n9Hrh2anTpTD9" +
-				"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
+					"3Dt62ypW3yDsJzBnTnrYu1iwWRgBKrEYY46qAZIrA2xAwnm2X7uGR1hghk" +
-				"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
+					"qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" +
-				"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
+					"t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" +
-				"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
+					"VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"), // d
 			KeyUse.ENCRYPTION, null, JWEAlgorithm.RSA1_5, RSAkid_2, null, null, null);
 
 	private String AESkid = "aes123";
@@ -165,9 +165,9 @@ public class TestDefaultJWTEncryptionAndDecryptionService {
 		service_4 = new DefaultJWTEncryptionAndDecryptionService(keys_4);
 
 		claimsSet = new JWTClaimsSet.Builder()
-			.issuer(issuer)
+				.issuer(issuer)
-			.subject(subject)
+				.subject(subject)
-			.build();
+				.build();
 
 		// Key Store
 

openid-connect-server/src/main/java/org/mitre/discovery/view/WebfingerView.java

@@ -54,27 +54,27 @@ public class WebfingerView extends AbstractView {
 	private static final Logger logger = LoggerFactory.getLogger(WebfingerView.class);
 
 	private Gson gson = new GsonBuilder()
-	.setExclusionStrategies(new ExclusionStrategy() {
+			.setExclusionStrategies(new ExclusionStrategy() {
 
-		@Override
+				@Override
-		public boolean shouldSkipField(FieldAttributes f) {
+				public boolean shouldSkipField(FieldAttributes f) {
 
-			return false;
+					return false;
-		}
+				}
 
-		@Override
+				@Override
-		public boolean shouldSkipClass(Class<?> clazz) {
+				public boolean shouldSkipClass(Class<?> clazz) {
-			// skip the JPA binding wrapper
+					// skip the JPA binding wrapper
-			if (clazz.equals(BeanPropertyBindingResult.class)) {
+					if (clazz.equals(BeanPropertyBindingResult.class)) {
-				return true;
+						return true;
-			}
+					}
-			return false;
+					return false;
-		}
+				}
 
-	})
+			})
-	.serializeNulls()
+			.serializeNulls()
-	.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
+			.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
-	.create();
+			.create();
 
 	@Override
 	protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {

openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java

@@ -291,8 +291,8 @@ public class DiscoveryEndpoint {
 			baseUrl = baseUrl.concat("/");
 		}
 
-		Collection<JWSAlgorithm> serverSigningAlgs = signService.getAllSigningAlgsSupported();
+		signService.getAllSigningAlgsSupported();
-		Collection<JWSAlgorithm> clientSymmetricSigningAlgs = Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512);
+		Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512);
 		Collection<JWSAlgorithm> clientSymmetricAndAsymmetricSigningAlgs = Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512,
 				JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512,
 				JWSAlgorithm.ES256, JWSAlgorithm.ES384, JWSAlgorithm.ES512,

openid-connect-server/src/main/java/org/mitre/oauth2/assertion/impl/DirectCopyRequestFactory.java

@@ -18,7 +18,6 @@
 package org.mitre.oauth2.assertion.impl;
 
 import java.text.ParseException;
-import java.util.List;
 import java.util.Set;
 
 import org.mitre.oauth2.assertion.AssertionOAuth2RequestFactory;

openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java

@@ -70,15 +70,15 @@ public class JpaAuthenticationHolderRepository implements AuthenticationHolderRe
 	@Override
 	@Transactional(value="defaultTransactionManager")
 	public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders() {
-        DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0,MAXEXPIREDRESULTS);
+		DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0,MAXEXPIREDRESULTS);
-        return getOrphanedAuthenticationHolders(pageCriteria);
+		return getOrphanedAuthenticationHolders(pageCriteria);
 	}
 
-    @Override
+	@Override
-    @Transactional(value="defaultTransactionManager")
+	@Transactional(value="defaultTransactionManager")
-    public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(PageCriteria pageCriteria) {
+	public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(PageCriteria pageCriteria) {
-        TypedQuery<AuthenticationHolderEntity> query = manager.createNamedQuery(AuthenticationHolderEntity.QUERY_GET_UNUSED, AuthenticationHolderEntity.class);
+		TypedQuery<AuthenticationHolderEntity> query = manager.createNamedQuery(AuthenticationHolderEntity.QUERY_GET_UNUSED, AuthenticationHolderEntity.class);
-        return JpaUtil.getResultPage(query, pageCriteria);
+		return JpaUtil.getResultPage(query, pageCriteria);
-    }
+	}
 
 }

openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java

@@ -92,12 +92,12 @@ public class JpaAuthorizationCodeRepository implements AuthorizationCodeReposito
 	}
 
 
-    @Override
+	@Override
-    public Collection<AuthorizationCodeEntity> getExpiredCodes(PageCriteria pageCriteria) {
+	public Collection<AuthorizationCodeEntity> getExpiredCodes(PageCriteria pageCriteria) {
-        TypedQuery<AuthorizationCodeEntity> query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, AuthorizationCodeEntity.class);
+		TypedQuery<AuthorizationCodeEntity> query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_EXPIRATION_BY_DATE, AuthorizationCodeEntity.class);
-        query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date()); // this gets anything that's already expired
+		query.setParameter(AuthorizationCodeEntity.PARAM_DATE, new Date()); // this gets anything that's already expired
-        return JpaUtil.getResultPage(query, pageCriteria);
+		return JpaUtil.getResultPage(query, pageCriteria);
-    }
+	}
 
 
 

openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaDeviceCodeRepository.java

@@ -24,8 +24,6 @@ import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
 
 import java.util.Collection;
 import java.util.Date;
-import java.util.LinkedHashSet;
-import java.util.Set;
 
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;

openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java

@@ -191,29 +191,29 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository {
 
 	@Override
 	public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens() {
-        DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0, MAXEXPIREDRESULTS);
+		DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0, MAXEXPIREDRESULTS);
-        return getAllExpiredAccessTokens(pageCriteria);
+		return getAllExpiredAccessTokens(pageCriteria);
 	}
 
-    @Override
+	@Override
-    public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens(PageCriteria pageCriteria) {
+	public Set<OAuth2AccessTokenEntity> getAllExpiredAccessTokens(PageCriteria pageCriteria) {
-        TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, OAuth2AccessTokenEntity.class);
+		TypedQuery<OAuth2AccessTokenEntity> query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, OAuth2AccessTokenEntity.class);
-        query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date());
+		query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date());
-        return new LinkedHashSet<>(JpaUtil.getResultPage(query, pageCriteria));
+		return new LinkedHashSet<>(JpaUtil.getResultPage(query, pageCriteria));
-    }
+	}
 
 	@Override
 	public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens() {
-        DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0, MAXEXPIREDRESULTS);
+		DefaultPageCriteria pageCriteria = new DefaultPageCriteria(0, MAXEXPIREDRESULTS);
-        return getAllExpiredRefreshTokens(pageCriteria);
+		return getAllExpiredRefreshTokens(pageCriteria);
 	}
 
-    @Override
+	@Override
-    public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria) {
+	public Set<OAuth2RefreshTokenEntity> getAllExpiredRefreshTokens(PageCriteria pageCriteria) {
-        TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE, OAuth2RefreshTokenEntity.class);
+		TypedQuery<OAuth2RefreshTokenEntity> query = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE, OAuth2RefreshTokenEntity.class);
-        query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date());
+		query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date());
-        return new LinkedHashSet<>(JpaUtil.getResultPage(query,pageCriteria));
+		return new LinkedHashSet<>(JpaUtil.getResultPage(query,pageCriteria));
-    }
+	}
 
 
 

openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java

@@ -19,6 +19,9 @@
  */
 package org.mitre.oauth2.repository.impl;
 
+import static org.mitre.util.jpa.JpaUtil.getSingleResult;
+import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
+
 import java.util.LinkedHashSet;
 import java.util.Set;
 
@@ -31,9 +34,6 @@ import org.mitre.oauth2.repository.SystemScopeRepository;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
 
-import static org.mitre.util.jpa.JpaUtil.getSingleResult;
-import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
-
 /**
  * @author jricher
  *

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultDeviceCodeService.java

@@ -24,7 +24,6 @@ import java.util.Set;
 
 import org.mitre.data.AbstractPageOperationTemplate;
 import org.mitre.oauth2.model.AuthenticationHolderEntity;
-import org.mitre.oauth2.model.AuthorizationCodeEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.DeviceCode;
 import org.mitre.oauth2.repository.impl.DeviceCodeRepository;
@@ -114,17 +113,17 @@ public class DefaultDeviceCodeService implements DeviceCodeService {
 	@Transactional(value="defaultTransactionManager")
 	public void clearExpiredDeviceCodes() {
 
-        new AbstractPageOperationTemplate<DeviceCode>("clearExpiredDeviceCodes"){
+		new AbstractPageOperationTemplate<DeviceCode>("clearExpiredDeviceCodes"){
-            @Override
+			@Override
-            public Collection<DeviceCode> fetchPage() {
+			public Collection<DeviceCode> fetchPage() {
-                return repository.getExpiredCodes();
+				return repository.getExpiredCodes();
-            }
+			}
 
-            @Override
+			@Override
-            protected void doOperation(DeviceCode item) {
+			protected void doOperation(DeviceCode item) {
-                repository.remove(item);
+				repository.remove(item);
-            }
+			}
-        }.execute();
+		}.execute();
 	}
 
 }

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultIntrospectionResultAssembler.java

@@ -16,6 +16,8 @@
  *******************************************************************************/
 package org.mitre.oauth2.service.impl;
 
+import static com.google.common.collect.Maps.newLinkedHashMap;
+
 import java.text.ParseException;
 import java.util.Map;
 import java.util.Set;
@@ -33,8 +35,6 @@ import org.springframework.stereotype.Service;
 import com.google.common.base.Joiner;
 import com.google.common.collect.Sets;
 
-import static com.google.common.collect.Maps.newLinkedHashMap;
-
 /**
  * Default implementation of the {@link IntrospectionResultAssembler} interface.
  */

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java

@@ -117,17 +117,17 @@ public class DefaultOAuth2AuthorizationCodeService implements AuthorizationCodeS
 	@Transactional(value="defaultTransactionManager")
 	public void clearExpiredAuthorizationCodes() {
 
-        new AbstractPageOperationTemplate<AuthorizationCodeEntity>("clearExpiredAuthorizationCodes"){
+		new AbstractPageOperationTemplate<AuthorizationCodeEntity>("clearExpiredAuthorizationCodes"){
-            @Override
+			@Override
-            public Collection<AuthorizationCodeEntity> fetchPage() {
+			public Collection<AuthorizationCodeEntity> fetchPage() {
-                return repository.getExpiredCodes();
+				return repository.getExpiredCodes();
-            }
+			}
 
-            @Override
+			@Override
-            protected void doOperation(AuthorizationCodeEntity item) {
+			protected void doOperation(AuthorizationCodeEntity item) {
-                repository.remove(item);
+				repository.remove(item);
-            }
+			}
-        }.execute();
+		}.execute();
 	}
 
 	/**

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java

@@ -492,41 +492,41 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 	public void clearExpiredTokens() {
 		logger.debug("Cleaning out all expired tokens");
 
-        new AbstractPageOperationTemplate<OAuth2AccessTokenEntity>("clearExpiredAccessTokens") {
+		new AbstractPageOperationTemplate<OAuth2AccessTokenEntity>("clearExpiredAccessTokens") {
-            @Override
+			@Override
-            public Collection<OAuth2AccessTokenEntity> fetchPage() {
+			public Collection<OAuth2AccessTokenEntity> fetchPage() {
-                return tokenRepository.getAllExpiredAccessTokens(new DefaultPageCriteria());
+				return tokenRepository.getAllExpiredAccessTokens(new DefaultPageCriteria());
-            }
+			}
 
-            @Override
+			@Override
-            public void doOperation(OAuth2AccessTokenEntity item) {
+			public void doOperation(OAuth2AccessTokenEntity item) {
-                revokeAccessToken(item);
+				revokeAccessToken(item);
-            }
+			}
-        }.execute();
+		}.execute();
 
-        new AbstractPageOperationTemplate<OAuth2RefreshTokenEntity>("clearExpiredRefreshTokens") {
+		new AbstractPageOperationTemplate<OAuth2RefreshTokenEntity>("clearExpiredRefreshTokens") {
-            @Override
+			@Override
-            public Collection<OAuth2RefreshTokenEntity> fetchPage() {
+			public Collection<OAuth2RefreshTokenEntity> fetchPage() {
-                return tokenRepository.getAllExpiredRefreshTokens(new DefaultPageCriteria());
+				return tokenRepository.getAllExpiredRefreshTokens(new DefaultPageCriteria());
-            }
+			}
 
-            @Override
+			@Override
-            public void doOperation(OAuth2RefreshTokenEntity item) {
+			public void doOperation(OAuth2RefreshTokenEntity item) {
-                revokeRefreshToken(item);
+				revokeRefreshToken(item);
-            }
+			}
-        }.execute();
+		}.execute();
 
-        new AbstractPageOperationTemplate<AuthenticationHolderEntity>("clearExpiredAuthenticationHolders") {
+		new AbstractPageOperationTemplate<AuthenticationHolderEntity>("clearExpiredAuthenticationHolders") {
-            @Override
+			@Override
-            public Collection<AuthenticationHolderEntity> fetchPage() {
+			public Collection<AuthenticationHolderEntity> fetchPage() {
-                return authenticationHolderRepository.getOrphanedAuthenticationHolders(new DefaultPageCriteria());
+				return authenticationHolderRepository.getOrphanedAuthenticationHolders(new DefaultPageCriteria());
-            }
+			}
 
-            @Override
+			@Override
-            public void doOperation(AuthenticationHolderEntity item) {
+			public void doOperation(AuthenticationHolderEntity item) {
-                authenticationHolderRepository.remove(item);
+				authenticationHolderRepository.remove(item);
-            }
+			}
-        }.execute();
+		}.execute();
 	}
 
 	/* (non-Javadoc)

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java

@@ -20,7 +20,6 @@
 package org.mitre.oauth2.service.impl;
 
 import java.util.LinkedHashSet;
-import java.util.List;
 import java.util.Set;
 
 import org.mitre.oauth2.model.SystemScope;
@@ -30,13 +29,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import com.google.common.base.Function;
-import com.google.common.base.Joiner;
 import com.google.common.base.Predicate;
 import com.google.common.base.Predicates;
-import com.google.common.base.Splitter;
 import com.google.common.base.Strings;
 import com.google.common.collect.Collections2;
-import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 
 /**

openid-connect-server/src/main/java/org/mitre/oauth2/token/JWTAssertionTokenGranter.java

@@ -22,12 +22,10 @@ package org.mitre.oauth2.token;
 import java.text.ParseException;
 
 import org.mitre.jwt.assertion.AssertionValidator;
-import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
 import org.mitre.oauth2.assertion.AssertionOAuth2RequestFactory;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
 import org.mitre.openid.connect.assertion.JWTBearerAssertionAuthenticationToken;
-import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.core.AuthenticationException;
@@ -51,15 +49,6 @@ public class JWTAssertionTokenGranter extends AbstractTokenGranter {
 
 	private static final String grantType = "urn:ietf:params:oauth:grant-type:jwt-bearer";
 
-	// keep down-cast versions so we can get to the right queries
-	private OAuth2TokenEntityService tokenServices;
-
-	@Autowired
-	private JWTSigningAndValidationService jwtService;
-
-	@Autowired
-	private ConfigurationPropertiesBean config;
-	
 	@Autowired
 	@Qualifier("jwtAssertionValidator")
 	private AssertionValidator validator;
@@ -70,7 +59,6 @@ public class JWTAssertionTokenGranter extends AbstractTokenGranter {
 	@Autowired
 	public JWTAssertionTokenGranter(OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService, OAuth2RequestFactory requestFactory) {
 		super(tokenServices, clientDetailsService, requestFactory, grantType);
-		this.tokenServices = tokenServices;
 	}
 
 	/* (non-Javadoc)

openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java

@@ -56,71 +56,71 @@ public class TokenApiView extends AbstractView {
 	private static final Logger logger = LoggerFactory.getLogger(TokenApiView.class);
 
 	private Gson gson = new GsonBuilder()
-	.setExclusionStrategies(new ExclusionStrategy() {
+			.setExclusionStrategies(new ExclusionStrategy() {
 
-		@Override
+				@Override
-		public boolean shouldSkipField(FieldAttributes f) {
+				public boolean shouldSkipField(FieldAttributes f) {
-			return false;
+					return false;
-		}
+				}
 
-		@Override
+				@Override
-		public boolean shouldSkipClass(Class<?> clazz) {
+				public boolean shouldSkipClass(Class<?> clazz) {
-			// skip the JPA binding wrapper
+					// skip the JPA binding wrapper
-			if (clazz.equals(BeanPropertyBindingResult.class)) {
+					if (clazz.equals(BeanPropertyBindingResult.class)) {
-				return true;
+						return true;
-			}
+					}
-			return false;
+					return false;
-		}
+				}
 
-	})
+			})
-	.registerTypeAdapter(OAuth2AccessTokenEntity.class, new JsonSerializer<OAuth2AccessTokenEntity>() {
+			.registerTypeAdapter(OAuth2AccessTokenEntity.class, new JsonSerializer<OAuth2AccessTokenEntity>() {
 
-		@Override
+				@Override
-		public JsonElement serialize(OAuth2AccessTokenEntity src,
+				public JsonElement serialize(OAuth2AccessTokenEntity src,
-				Type typeOfSrc, JsonSerializationContext context) {
+						Type typeOfSrc, JsonSerializationContext context) {
 
 
-			JsonObject o = new JsonObject();
+					JsonObject o = new JsonObject();
 
-			o.addProperty("value", src.getValue());
+					o.addProperty("value", src.getValue());
-			o.addProperty("id", src.getId());
+					o.addProperty("id", src.getId());
-			o.addProperty("refreshTokenId", src.getRefreshToken() != null ? src.getRefreshToken().getId() : null);
+					o.addProperty("refreshTokenId", src.getRefreshToken() != null ? src.getRefreshToken().getId() : null);
 
-			o.add("scopes", context.serialize(src.getScope()));
+					o.add("scopes", context.serialize(src.getScope()));
 
-			o.addProperty("clientId", src.getClient().getClientId());
+					o.addProperty("clientId", src.getClient().getClientId());
-			o.addProperty("userId", src.getAuthenticationHolder().getAuthentication().getName());
+					o.addProperty("userId", src.getAuthenticationHolder().getAuthentication().getName());
 
-			o.add("expiration", context.serialize(src.getExpiration()));
+					o.add("expiration", context.serialize(src.getExpiration()));
 
-			return o;
+					return o;
-		}
+				}
 
-	})
+			})
-	.registerTypeAdapter(OAuth2RefreshTokenEntity.class, new JsonSerializer<OAuth2RefreshTokenEntity>() {
+			.registerTypeAdapter(OAuth2RefreshTokenEntity.class, new JsonSerializer<OAuth2RefreshTokenEntity>() {
 
-		@Override
+				@Override
-		public JsonElement serialize(OAuth2RefreshTokenEntity src,
+				public JsonElement serialize(OAuth2RefreshTokenEntity src,
-				Type typeOfSrc, JsonSerializationContext context) {
+						Type typeOfSrc, JsonSerializationContext context) {
-			JsonObject o = new JsonObject();
+					JsonObject o = new JsonObject();
 
-			o.addProperty("value", src.getValue());
+					o.addProperty("value", src.getValue());
-			o.addProperty("id", src.getId());
+					o.addProperty("id", src.getId());
 
-			o.add("scopes", context.serialize(src.getAuthenticationHolder().getAuthentication().getOAuth2Request().getScope()));
+					o.add("scopes", context.serialize(src.getAuthenticationHolder().getAuthentication().getOAuth2Request().getScope()));
 
-			o.addProperty("clientId", src.getClient().getClientId());
+					o.addProperty("clientId", src.getClient().getClientId());
-			o.addProperty("userId", src.getAuthenticationHolder().getAuthentication().getName());
+					o.addProperty("userId", src.getAuthenticationHolder().getAuthentication().getName());
 
-			o.add("expiration", context.serialize(src.getExpiration()));
+					o.add("expiration", context.serialize(src.getExpiration()));
 
-			return o;
+					return o;
-		}
+				}
 
-	})
+			})
-	.serializeNulls()
+			.serializeNulls()
-	.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
+			.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
-	.create();
+			.create();
 
 	@Override
 	protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {

openid-connect-server/src/main/java/org/mitre/oauth2/web/DeviceEndpoint.java

@@ -46,7 +46,6 @@ import org.springframework.http.MediaType;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
-import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
 import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
@@ -59,7 +58,6 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 
-import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Sets;
 
 /**
@@ -142,7 +140,7 @@ public class DeviceEndpoint {
 		// create a user code, should be random but small and typable
 		String userCode = randomGenerator.generate();
 
-		DeviceCode dc = deviceCodeService.createNewDeviceCode(deviceCode, userCode, requestedScopes, client, parameters);
+		deviceCodeService.createNewDeviceCode(deviceCode, userCode, requestedScopes, client, parameters);
 
 		Map<String, Object> response = new HashMap<>();
 		response.put("device_code", deviceCode);

openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java

@@ -16,6 +16,8 @@
  *******************************************************************************/
 package org.mitre.oauth2.web;
 
+import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope;
+
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Map;
@@ -49,8 +51,6 @@ import org.springframework.web.bind.annotation.RequestParam;
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableMap;
 
-import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope;
-
 @Controller
 public class IntrospectionEndpoint {
 

openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java

@@ -19,6 +19,9 @@
  */
 package org.mitre.oauth2.web;
 
+import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT;
+import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_SEPARATOR;
+
 import java.net.URISyntaxException;
 import java.security.Principal;
 import java.util.Date;
@@ -57,9 +60,6 @@ import com.google.common.base.Strings;
 import com.google.common.collect.Sets;
 import com.google.gson.JsonObject;
 
-import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT;
-import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_SEPARATOR;
-
 /**
  * @author jricher
  *

openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java

@@ -18,8 +18,6 @@ package org.mitre.oauth2.web;
 
 import static org.mitre.oauth2.web.AuthenticationUtilities.ensureOAuthScope;
 
-import java.util.Collection;
-
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
@@ -27,7 +25,6 @@ import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
 import org.mitre.oauth2.service.SystemScopeService;
 import org.mitre.openid.connect.view.HttpCodeView;
-import org.mitre.uma.model.ResourceSet;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -36,7 +33,6 @@ import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.oauth2.provider.OAuth2Request;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;

openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JWTBearerAuthenticationProvider.java

@@ -119,10 +119,10 @@ public class JWTBearerAuthenticationProvider implements AuthenticationProvider {
 								|| alg.equals(JWSAlgorithm.PS256)
 								|| alg.equals(JWSAlgorithm.PS384)
 								|| alg.equals(JWSAlgorithm.PS512)))
-					|| (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT) &&
+						|| (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT) &&
-						(alg.equals(JWSAlgorithm.HS256)
+								(alg.equals(JWSAlgorithm.HS256)
-								|| alg.equals(JWSAlgorithm.HS384)
+										|| alg.equals(JWSAlgorithm.HS384)
-								|| alg.equals(JWSAlgorithm.HS512)))) {
+										|| alg.equals(JWSAlgorithm.HS512)))) {
 
 					// double-check the method is asymmetrical if we're in HEART mode
 					if (config.isHeartMode() && !client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY)) {

openid-connect-server/src/main/java/org/mitre/openid/connect/filter/AuthorizationRequestFilter.java

@@ -19,7 +19,15 @@
  */
 package org.mitre.openid.connect.filter;
 
-import static org.mitre.openid.connect.request.ConnectRequestParameters.*;
+import static org.mitre.openid.connect.request.ConnectRequestParameters.ERROR;
+import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_HINT;
+import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_REQUIRED;
+import static org.mitre.openid.connect.request.ConnectRequestParameters.MAX_AGE;
+import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT;
+import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_LOGIN;
+import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_NONE;
+import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_SEPARATOR;
+import static org.mitre.openid.connect.request.ConnectRequestParameters.STATE;
 
 import java.io.IOException;
 import java.net.URISyntaxException;

openid-connect-server/src/main/java/org/mitre/openid/connect/filter/MultiUrlRequestMatcher.java

@@ -27,8 +27,6 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
-import com.google.common.collect.ImmutableSet;
-
 /**
  * @author jricher
  *

openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java

@@ -16,6 +16,8 @@
  *******************************************************************************/
 package org.mitre.openid.connect.repository.impl;
 
+import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
+
 import java.util.Collection;
 
 import javax.persistence.EntityManager;
@@ -27,8 +29,6 @@ import org.mitre.openid.connect.repository.ApprovedSiteRepository;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
 
-import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
-
 /**
  * JPA ApprovedSite repository implementation
  *

openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java

@@ -19,6 +19,8 @@
  */
 package org.mitre.openid.connect.repository.impl;
 
+import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
+
 import java.util.Collection;
 
 import javax.persistence.EntityManager;
@@ -30,8 +32,6 @@ import org.mitre.openid.connect.repository.BlacklistedSiteRepository;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
 
-import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
-
 /**
  * @author jricher
  *

openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaPairwiseIdentifierRepository.java

@@ -19,6 +19,9 @@
  */
 package org.mitre.openid.connect.repository.impl;
 
+import static org.mitre.util.jpa.JpaUtil.getSingleResult;
+import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
+
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
 import javax.persistence.TypedQuery;
@@ -28,9 +31,6 @@ import org.mitre.openid.connect.repository.PairwiseIdentifierRepository;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
 
-import static org.mitre.util.jpa.JpaUtil.getSingleResult;
-import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
-
 /**
  * @author jricher
  *

openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java

@@ -16,6 +16,8 @@
  *******************************************************************************/
 package org.mitre.openid.connect.repository.impl;
 
+import static org.mitre.util.jpa.JpaUtil.getSingleResult;
+
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
 import javax.persistence.TypedQuery;
@@ -25,8 +27,6 @@ import org.mitre.openid.connect.model.UserInfo;
 import org.mitre.openid.connect.repository.UserInfoRepository;
 import org.springframework.stereotype.Repository;
 
-import static org.mitre.util.jpa.JpaUtil.getSingleResult;
-
 /**
  * JPA UserInfo repository implementation
  *

openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaWhitelistedSiteRepository.java

@@ -16,6 +16,8 @@
  *******************************************************************************/
 package org.mitre.openid.connect.repository.impl;
 
+import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
+
 import java.util.Collection;
 
 import javax.persistence.EntityManager;
@@ -28,8 +30,6 @@ import org.mitre.util.jpa.JpaUtil;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
 
-import static org.mitre.util.jpa.JpaUtil.saveOrUpdate;
-
 /**
  * JPA WhitelistedSite repository implementation
  *

openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectOAuth2RequestFactory.java

@@ -17,9 +17,11 @@
 package org.mitre.openid.connect.request;
 
 
-import static org.mitre.openid.connect.request.ConnectRequestParameters.*;
+import static org.mitre.openid.connect.request.ConnectRequestParameters.AUD;
 import static org.mitre.openid.connect.request.ConnectRequestParameters.CLAIMS;
 import static org.mitre.openid.connect.request.ConnectRequestParameters.CLIENT_ID;
+import static org.mitre.openid.connect.request.ConnectRequestParameters.CODE_CHALLENGE;
+import static org.mitre.openid.connect.request.ConnectRequestParameters.CODE_CHALLENGE_METHOD;
 import static org.mitre.openid.connect.request.ConnectRequestParameters.DISPLAY;
 import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_HINT;
 import static org.mitre.openid.connect.request.ConnectRequestParameters.MAX_AGE;
@@ -43,7 +45,6 @@ import org.mitre.jwt.signer.service.impl.ClientKeyCacheService;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.PKCEAlgorithm;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
-import org.mitre.oauth2.service.SystemScopeService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -81,9 +82,6 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
 	@Autowired
 	private ClientKeyCacheService validators;
 
-	@Autowired
-	private SystemScopeService systemScopes;
-
 	@Autowired
 	private JWTEncryptionAndDecryptionService encryptionService;
 
@@ -179,7 +177,7 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
 	 *
 	 * @param jwtString
 	 * @param request
-     */
+	 */
 	private void processRequestObject(String jwtString, AuthorizationRequest request) {
 
 		// parse the request object

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultOIDCTokenService.java

@@ -271,12 +271,12 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
 		token.setAuthenticationHolder(authHolder);
 
 		JWTClaimsSet claims = new JWTClaimsSet.Builder()
-			.audience(Lists.newArrayList(client.getClientId()))
+				.audience(Lists.newArrayList(client.getClientId()))
-			.issuer(configBean.getIssuer())
+				.issuer(configBean.getIssuer())
-			.issueTime(new Date())
+				.issueTime(new Date())
-			.expirationTime(token.getExpiration())
+				.expirationTime(token.getExpiration())
-			.jwtID(UUID.randomUUID().toString()) // set a random NONCE in the middle of it
+				.jwtID(UUID.randomUUID().toString()) // set a random NONCE in the middle of it
-			.build();
+				.build();
 
 		JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
 		JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultScopeClaimTranslationService.java

@@ -17,14 +17,12 @@
 package org.mitre.openid.connect.service.impl;
 
 import java.util.HashSet;
-import java.util.Map;
 import java.util.Set;
 
 import org.mitre.openid.connect.service.ScopeClaimTranslationService;
 import org.springframework.stereotype.Service;
 
 import com.google.common.collect.HashMultimap;
-import com.google.common.collect.Maps;
 import com.google.common.collect.SetMultimap;
 
 /**

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultStatsService.java

@@ -26,8 +26,6 @@ import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
 
-import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.openid.connect.model.ApprovedSite;
 import org.mitre.openid.connect.model.ClientStat;
 import org.mitre.openid.connect.service.ApprovedSiteService;
@@ -37,8 +35,6 @@ import org.springframework.stereotype.Service;
 
 import com.google.common.base.Supplier;
 import com.google.common.base.Suppliers;
-import com.google.common.collect.HashMultiset;
-import com.google.common.collect.Multiset;
 
 /**
  * @author jricher

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/InMemoryClientLogoLoadingService.java

@@ -23,7 +23,6 @@ import java.util.concurrent.TimeUnit;
 
 import org.apache.commons.io.IOUtils;
 import org.apache.http.HttpEntity;
-import org.apache.http.HttpException;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.methods.HttpGet;
@@ -31,7 +30,6 @@ import org.apache.http.impl.client.HttpClientBuilder;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.openid.connect.model.CachedImage;
 import org.mitre.openid.connect.service.ClientLogoLoadingService;
-import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.stereotype.Service;
 
 import com.google.common.base.Strings;

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java

@@ -16,6 +16,9 @@
  *******************************************************************************/
 package org.mitre.openid.connect.service.impl;
 
+import static org.mitre.util.JsonUtils.readMap;
+import static org.mitre.util.JsonUtils.readSet;
+
 import java.io.IOException;
 import java.text.ParseException;
 import java.util.Collection;
@@ -68,9 +71,6 @@ import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jwt.JWTParser;
-
-import static org.mitre.util.JsonUtils.readMap;
-import static org.mitre.util.JsonUtils.readSet;
 /**
  *
  * Data service to import MITREid 1.0 configuration.
@@ -135,46 +135,46 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
 		while (reader.hasNext()) {
 			JsonToken tok = reader.peek();
 			switch (tok) {
-			case NAME:
+				case NAME:
-				String name = reader.nextName();
+					String name = reader.nextName();
-				// find out which member it is
+					// find out which member it is
-				if (name.equals(CLIENTS)) {
+					if (name.equals(CLIENTS)) {
-					readClients(reader);
+						readClients(reader);
-				} else if (name.equals(GRANTS)) {
+					} else if (name.equals(GRANTS)) {
-					readGrants(reader);
+						readGrants(reader);
-				} else if (name.equals(WHITELISTEDSITES)) {
+					} else if (name.equals(WHITELISTEDSITES)) {
-					readWhitelistedSites(reader);
+						readWhitelistedSites(reader);
-				} else if (name.equals(BLACKLISTEDSITES)) {
+					} else if (name.equals(BLACKLISTEDSITES)) {
-					readBlacklistedSites(reader);
+						readBlacklistedSites(reader);
-				} else if (name.equals(AUTHENTICATIONHOLDERS)) {
+					} else if (name.equals(AUTHENTICATIONHOLDERS)) {
-					readAuthenticationHolders(reader);
+						readAuthenticationHolders(reader);
-				} else if (name.equals(ACCESSTOKENS)) {
+					} else if (name.equals(ACCESSTOKENS)) {
-					readAccessTokens(reader);
+						readAccessTokens(reader);
-				} else if (name.equals(REFRESHTOKENS)) {
+					} else if (name.equals(REFRESHTOKENS)) {
-					readRefreshTokens(reader);
+						readRefreshTokens(reader);
-				} else if (name.equals(SYSTEMSCOPES)) {
+					} else if (name.equals(SYSTEMSCOPES)) {
-					readSystemScopes(reader);
+						readSystemScopes(reader);
-				} else {
+					} else {
-					for (MITREidDataServiceExtension extension : extensions) {
+						for (MITREidDataServiceExtension extension : extensions) {
-						if (extension.supportsVersion(THIS_VERSION)) {
 							if (extension.supportsVersion(THIS_VERSION)) {
-								extension.importExtensionData(name, reader);
+								if (extension.supportsVersion(THIS_VERSION)) {
-								break;
+									extension.importExtensionData(name, reader);
+									break;
+								}
 							}
 						}
+						// unknown token, skip it
+						reader.skipValue();
 					}
-					// unknown token, skip it
+					break;
+				case END_OBJECT:
+					// the object ended, we're done here
+					reader.endObject();
+					continue;
+				default:
+					logger.debug("Found unexpected entry");
 					reader.skipValue();
-				}
+					continue;			}
-				break;
-			case END_OBJECT:
-				// the object ended, we're done here
-				reader.endObject();
-				continue;
-			default:
-				logger.debug("Found unexpected entry");
-				reader.skipValue();
-				continue;			}
 		}
 		fixObjectReferences();
 		for (MITREidDataServiceExtension extension : extensions) {
@@ -203,37 +203,37 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
 			Long authHolderId = null;
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals("id")) {
+						} else if (name.equals("id")) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals("expiration")) {
+						} else if (name.equals("expiration")) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						token.setExpiration(date);
+							token.setExpiration(date);
-					} else if (name.equals("value")) {
+						} else if (name.equals("value")) {
-						String value = reader.nextString();
+							String value = reader.nextString();
-						try {
+							try {
-							token.setJwt(JWTParser.parse(value));
+								token.setJwt(JWTParser.parse(value));
-						} catch (ParseException ex) {
+							} catch (ParseException ex) {
-							logger.error("Unable to set refresh token value to {}", value, ex);
+								logger.error("Unable to set refresh token value to {}", value, ex);
+							}
+						} else if (name.equals("clientId")) {
+							clientId = reader.nextString();
+						} else if (name.equals("authenticationHolderId")) {
+							authHolderId = reader.nextLong();
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-					} else if (name.equals("clientId")) {
+						break;
-						clientId = reader.nextString();
+					default:
-					} else if (name.equals("authenticationHolderId")) {
-						authHolderId = reader.nextLong();
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -265,45 +265,45 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
 			Long refreshTokenId = null;
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals("id")) {
+						} else if (name.equals("id")) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals("expiration")) {
+						} else if (name.equals("expiration")) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						token.setExpiration(date);
+							token.setExpiration(date);
-					} else if (name.equals("value")) {
+						} else if (name.equals("value")) {
-						String value = reader.nextString();
+							String value = reader.nextString();
-						try {
+							try {
-							// all tokens are JWTs
+								// all tokens are JWTs
-							token.setJwt(JWTParser.parse(value));
+								token.setJwt(JWTParser.parse(value));
-						} catch (ParseException ex) {
+							} catch (ParseException ex) {
-							logger.error("Unable to set refresh token value to {}", value, ex);
+								logger.error("Unable to set refresh token value to {}", value, ex);
+							}
+						} else if (name.equals("clientId")) {
+							clientId = reader.nextString();
+						} else if (name.equals("authenticationHolderId")) {
+							authHolderId = reader.nextLong();
+						} else if (name.equals("refreshTokenId")) {
+							refreshTokenId = reader.nextLong();
+						} else if (name.equals("scope")) {
+							Set<String> scope = readSet(reader);
+							token.setScope(scope);
+						} else if (name.equals("type")) {
+							token.setTokenType(reader.nextString());
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-					} else if (name.equals("clientId")) {
+						break;
-						clientId = reader.nextString();
+					default:
-					} else if (name.equals("authenticationHolderId")) {
-						authHolderId = reader.nextLong();
-					} else if (name.equals("refreshTokenId")) {
-						refreshTokenId = reader.nextLong();
-					} else if (name.equals("scope")) {
-						Set<String> scope = readSet(reader);
-						token.setScope(scope);
-					} else if (name.equals("type")) {
-						token.setTokenType(reader.nextString());
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -331,61 +331,61 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
 			Long currentId = null;
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals("id")) {
+						} else if (name.equals("id")) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals("ownerId")) {
+						} else if (name.equals("ownerId")) {
-						//not needed
+							//not needed
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals("authentication")) {
+						} else if (name.equals("authentication")) {
-						OAuth2Request clientAuthorization = null;
+							OAuth2Request clientAuthorization = null;
-						Authentication userAuthentication = null;
+							Authentication userAuthentication = null;
-						reader.beginObject();
+							reader.beginObject();
-						while (reader.hasNext()) {
+							while (reader.hasNext()) {
-							switch (reader.peek()) {
+								switch (reader.peek()) {
-							case END_OBJECT:
+									case END_OBJECT:
-								continue;
+										continue;
-							case NAME:
+									case NAME:
-								String subName = reader.nextName();
+										String subName = reader.nextName();
-								if (reader.peek() == JsonToken.NULL) {
+										if (reader.peek() == JsonToken.NULL) {
-									reader.skipValue();
+											reader.skipValue();
-								} else if (subName.equals("clientAuthorization")) {
+										} else if (subName.equals("clientAuthorization")) {
-									clientAuthorization = readAuthorizationRequest(reader);
+											clientAuthorization = readAuthorizationRequest(reader);
-								} else if (subName.equals("userAuthentication")) {
+										} else if (subName.equals("userAuthentication")) {
-									// skip binary encoded version
+											// skip binary encoded version
-									reader.skipValue();
+											reader.skipValue();
 
-								} else if (subName.equals("savedUserAuthentication")) {
+										} else if (subName.equals("savedUserAuthentication")) {
-									userAuthentication = readSavedUserAuthentication(reader);
+											userAuthentication = readSavedUserAuthentication(reader);
 
-								} else {
+										} else {
-									logger.debug("Found unexpected entry");
+											logger.debug("Found unexpected entry");
-									reader.skipValue();
+											reader.skipValue();
+										}
+										break;
+									default:
+										logger.debug("Found unexpected entry");
+										reader.skipValue();
+										continue;
 								}
-								break;
-							default:
-								logger.debug("Found unexpected entry");
-								reader.skipValue();
-								continue;
 							}
+							reader.endObject();
+							OAuth2Authentication auth = new OAuth2Authentication(clientAuthorization, userAuthentication);
+							ahe.setAuthentication(auth);
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-						reader.endObject();
+						break;
-						OAuth2Authentication auth = new OAuth2Authentication(clientAuthorization, userAuthentication);
+					default:
-						ahe.setAuthentication(auth);
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -410,47 +410,47 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
 		reader.beginObject();
 		while (reader.hasNext()) {
 			switch (reader.peek()) {
-			case END_OBJECT:
+				case END_OBJECT:
-				continue;
+					continue;
-			case NAME:
+				case NAME:
-				String name = reader.nextName();
+					String name = reader.nextName();
-				if (reader.peek() == JsonToken.NULL) {
+					if (reader.peek() == JsonToken.NULL) {
-					reader.skipValue();
+						reader.skipValue();
-				} else if (name.equals("authorizationParameters")) {
+					} else if (name.equals("authorizationParameters")) {
-					authorizationParameters = readMap(reader);
+						authorizationParameters = readMap(reader);
-				} else if (name.equals("approvalParameters")) {
+					} else if (name.equals("approvalParameters")) {
-					reader.skipValue();
+						reader.skipValue();
-				} else if (name.equals("clientId")) {
+					} else if (name.equals("clientId")) {
-					clientId = reader.nextString();
+						clientId = reader.nextString();
-				} else if (name.equals("scope")) {
+					} else if (name.equals("scope")) {
-					scope = readSet(reader);
+						scope = readSet(reader);
-				} else if (name.equals("resourceIds")) {
+					} else if (name.equals("resourceIds")) {
-					resourceIds = readSet(reader);
+						resourceIds = readSet(reader);
-				} else if (name.equals("authorities")) {
+					} else if (name.equals("authorities")) {
-					Set<String> authorityStrs = readSet(reader);
+						Set<String> authorityStrs = readSet(reader);
-					authorities = new HashSet<>();
+						authorities = new HashSet<>();
-					for (String s : authorityStrs) {
+						for (String s : authorityStrs) {
-						GrantedAuthority ga = new SimpleGrantedAuthority(s);
+							GrantedAuthority ga = new SimpleGrantedAuthority(s);
-						authorities.add(ga);
+							authorities.add(ga);
+						}
+					} else if (name.equals("approved")) {
+						approved = reader.nextBoolean();
+					} else if (name.equals("denied")) {
+						if (approved == false) {
+							approved = !reader.nextBoolean();
+						}
+					} else if (name.equals("redirectUri")) {
+						redirectUri = reader.nextString();
+					} else if (name.equals("responseTypes")) {
+						responseTypes = readSet(reader);
+					} else {
+						reader.skipValue();
 					}
-				} else if (name.equals("approved")) {
+					break;
-					approved = reader.nextBoolean();
+				default:
-				} else if (name.equals("denied")) {
+					logger.debug("Found unexpected entry");
-					if (approved == false) {
-						approved = !reader.nextBoolean();
-					}
-				} else if (name.equals("redirectUri")) {
-					redirectUri = reader.nextString();
-				} else if (name.equals("responseTypes")) {
-					responseTypes = readSet(reader);
-				} else {
 					reader.skipValue();
-				}
+					continue;
-				break;
-			default:
-				logger.debug("Found unexpected entry");
-				reader.skipValue();
-				continue;
 			}
 		}
 		reader.endObject();
@@ -468,35 +468,35 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
 
 		while (reader.hasNext()) {
 			switch(reader.peek()) {
-			case END_OBJECT:
+				case END_OBJECT:
-				continue;
+					continue;
-			case NAME:
+				case NAME:
-				String name = reader.nextName();
+					String name = reader.nextName();
-				if (reader.peek() == JsonToken.NULL) {
+					if (reader.peek() == JsonToken.NULL) {
-					reader.skipValue();
+						reader.skipValue();
-				} else if (name.equals("name")) {
+					} else if (name.equals("name")) {
-					savedUserAuth.setName(reader.nextString());
+						savedUserAuth.setName(reader.nextString());
-				} else if (name.equals("sourceClass")) {
+					} else if (name.equals("sourceClass")) {
-					savedUserAuth.setSourceClass(reader.nextString());
+						savedUserAuth.setSourceClass(reader.nextString());
-				} else if (name.equals("authenticated")) {
+					} else if (name.equals("authenticated")) {
-					savedUserAuth.setAuthenticated(reader.nextBoolean());
+						savedUserAuth.setAuthenticated(reader.nextBoolean());
-				} else if (name.equals("authorities")) {
+					} else if (name.equals("authorities")) {
-					Set<String> authorityStrs = readSet(reader);
+						Set<String> authorityStrs = readSet(reader);
-					Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
+						Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
-					for (String s : authorityStrs) {
+						for (String s : authorityStrs) {
-						GrantedAuthority ga = new SimpleGrantedAuthority(s);
+							GrantedAuthority ga = new SimpleGrantedAuthority(s);
-						authorities.add(ga);
+							authorities.add(ga);
+						}
+						savedUserAuth.setAuthorities(authorities);
+					} else {
+						logger.debug("Found unexpected entry");
+						reader.skipValue();
 					}
-					savedUserAuth.setAuthorities(authorities);
+					break;
-				} else {
+				default:
 					logger.debug("Found unexpected entry");
 					reader.skipValue();
-				}
+					continue;
-				break;
-			default:
-				logger.debug("Found unexpected entry");
-				reader.skipValue();
-				continue;
 			}
 		}
 
@@ -518,43 +518,43 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals("id")) {
+						} else if (name.equals("id")) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals("accessDate")) {
+						} else if (name.equals("accessDate")) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						site.setAccessDate(date);
+							site.setAccessDate(date);
-					} else if (name.equals("clientId")) {
+						} else if (name.equals("clientId")) {
-						site.setClientId(reader.nextString());
+							site.setClientId(reader.nextString());
-					} else if (name.equals("creationDate")) {
+						} else if (name.equals("creationDate")) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						site.setCreationDate(date);
+							site.setCreationDate(date);
-					} else if (name.equals("timeoutDate")) {
+						} else if (name.equals("timeoutDate")) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						site.setTimeoutDate(date);
+							site.setTimeoutDate(date);
-					} else if (name.equals("userId")) {
+						} else if (name.equals("userId")) {
-						site.setUserId(reader.nextString());
+							site.setUserId(reader.nextString());
-					} else if (name.equals("allowedScopes")) {
+						} else if (name.equals("allowedScopes")) {
-						Set<String> allowedScopes = readSet(reader);
+							Set<String> allowedScopes = readSet(reader);
-						site.setAllowedScopes(allowedScopes);
+							site.setAllowedScopes(allowedScopes);
-					} else if (name.equals("whitelistedSiteId")) {
+						} else if (name.equals("whitelistedSiteId")) {
-						whitelistedSiteId = reader.nextLong();
+							whitelistedSiteId = reader.nextLong();
-					} else if (name.equals("approvedAccessTokens")) {
+						} else if (name.equals("approvedAccessTokens")) {
-						tokenIds = readSet(reader);
+							tokenIds = readSet(reader);
-					} else {
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -583,28 +583,28 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (name.equals("id")) {
+						if (name.equals("id")) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals("clientId")) {
+						} else if (name.equals("clientId")) {
-						wlSite.setClientId(reader.nextString());
+							wlSite.setClientId(reader.nextString());
-					} else if (name.equals("creatorUserId")) {
+						} else if (name.equals("creatorUserId")) {
-						wlSite.setCreatorUserId(reader.nextString());
+							wlSite.setCreatorUserId(reader.nextString());
-					} else if (name.equals("allowedScopes")) {
+						} else if (name.equals("allowedScopes")) {
-						Set<String> allowedScopes = readSet(reader);
+							Set<String> allowedScopes = readSet(reader);
-						wlSite.setAllowedScopes(allowedScopes);
+							wlSite.setAllowedScopes(allowedScopes);
-					} else {
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -626,23 +626,23 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (name.equals("id")) {
+						if (name.equals("id")) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals("uri")) {
+						} else if (name.equals("uri")) {
-						blSite.setUri(reader.nextString());
+							blSite.setUri(reader.nextString());
-					} else {
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -663,125 +663,125 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals("clientId")) {
+						} else if (name.equals("clientId")) {
-						client.setClientId(reader.nextString());
+							client.setClientId(reader.nextString());
-					} else if (name.equals("resourceIds")) {
+						} else if (name.equals("resourceIds")) {
-						Set<String> resourceIds = readSet(reader);
+							Set<String> resourceIds = readSet(reader);
-						client.setResourceIds(resourceIds);
+							client.setResourceIds(resourceIds);
-					} else if (name.equals("secret")) {
+						} else if (name.equals("secret")) {
-						client.setClientSecret(reader.nextString());
+							client.setClientSecret(reader.nextString());
-					} else if (name.equals("scope")) {
+						} else if (name.equals("scope")) {
-						Set<String> scope = readSet(reader);
+							Set<String> scope = readSet(reader);
-						client.setScope(scope);
+							client.setScope(scope);
-					} else if (name.equals("authorities")) {
+						} else if (name.equals("authorities")) {
-						Set<String> authorityStrs = readSet(reader);
+							Set<String> authorityStrs = readSet(reader);
-						Set<GrantedAuthority> authorities = new HashSet<>();
+							Set<GrantedAuthority> authorities = new HashSet<>();
-						for (String s : authorityStrs) {
+							for (String s : authorityStrs) {
-							GrantedAuthority ga = new SimpleGrantedAuthority(s);
+								GrantedAuthority ga = new SimpleGrantedAuthority(s);
-							authorities.add(ga);
+								authorities.add(ga);
+							}
+							client.setAuthorities(authorities);
+						} else if (name.equals("accessTokenValiditySeconds")) {
+							client.setAccessTokenValiditySeconds(reader.nextInt());
+						} else if (name.equals("refreshTokenValiditySeconds")) {
+							client.setRefreshTokenValiditySeconds(reader.nextInt());
+						} else if (name.equals("redirectUris")) {
+							Set<String> redirectUris = readSet(reader);
+							client.setRedirectUris(redirectUris);
+						} else if (name.equals("name")) {
+							client.setClientName(reader.nextString());
+						} else if (name.equals("uri")) {
+							client.setClientUri(reader.nextString());
+						} else if (name.equals("logoUri")) {
+							client.setLogoUri(reader.nextString());
+						} else if (name.equals("contacts")) {
+							Set<String> contacts = readSet(reader);
+							client.setContacts(contacts);
+						} else if (name.equals("tosUri")) {
+							client.setTosUri(reader.nextString());
+						} else if (name.equals("tokenEndpointAuthMethod")) {
+							AuthMethod am = AuthMethod.getByValue(reader.nextString());
+							client.setTokenEndpointAuthMethod(am);
+						} else if (name.equals("grantTypes")) {
+							Set<String> grantTypes = readSet(reader);
+							client.setGrantTypes(grantTypes);
+						} else if (name.equals("responseTypes")) {
+							Set<String> responseTypes = readSet(reader);
+							client.setResponseTypes(responseTypes);
+						} else if (name.equals("policyUri")) {
+							client.setPolicyUri(reader.nextString());
+						} else if (name.equals("applicationType")) {
+							AppType appType = AppType.getByValue(reader.nextString());
+							client.setApplicationType(appType);
+						} else if (name.equals("sectorIdentifierUri")) {
+							client.setSectorIdentifierUri(reader.nextString());
+						} else if (name.equals("subjectType")) {
+							SubjectType st = SubjectType.getByValue(reader.nextString());
+							client.setSubjectType(st);
+						} else if (name.equals("jwks_uri")) {
+							client.setJwksUri(reader.nextString());
+						} else if (name.equals("requestObjectSigningAlg")) {
+							JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+							client.setRequestObjectSigningAlg(alg);
+						} else if (name.equals("userInfoEncryptedResponseAlg")) {
+							JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
+							client.setUserInfoEncryptedResponseAlg(alg);
+						} else if (name.equals("userInfoEncryptedResponseEnc")) {
+							EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
+							client.setUserInfoEncryptedResponseEnc(alg);
+						} else if (name.equals("userInfoSignedResponseAlg")) {
+							JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+							client.setUserInfoSignedResponseAlg(alg);
+						} else if (name.equals("idTokenSignedResonseAlg")) {
+							JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+							client.setIdTokenSignedResponseAlg(alg);
+						} else if (name.equals("idTokenEncryptedResponseAlg")) {
+							JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
+							client.setIdTokenEncryptedResponseAlg(alg);
+						} else if (name.equals("idTokenEncryptedResponseEnc")) {
+							EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
+							client.setIdTokenEncryptedResponseEnc(alg);
+						} else if (name.equals("tokenEndpointAuthSigningAlg")) {
+							JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+							client.setTokenEndpointAuthSigningAlg(alg);
+						} else if (name.equals("defaultMaxAge")) {
+							client.setDefaultMaxAge(reader.nextInt());
+						} else if (name.equals("requireAuthTime")) {
+							client.setRequireAuthTime(reader.nextBoolean());
+						} else if (name.equals("defaultACRValues")) {
+							Set<String> defaultACRvalues = readSet(reader);
+							client.setDefaultACRvalues(defaultACRvalues);
+						} else if (name.equals("initiateLoginUri")) {
+							client.setInitiateLoginUri(reader.nextString());
+						} else if (name.equals("postLogoutRedirectUri")) {
+							HashSet<String> postLogoutUris = Sets.newHashSet(reader.nextString());
+							client.setPostLogoutRedirectUris(postLogoutUris);
+						} else if (name.equals("requestUris")) {
+							Set<String> requestUris = readSet(reader);
+							client.setRequestUris(requestUris);
+						} else if (name.equals("description")) {
+							client.setClientDescription(reader.nextString());
+						} else if (name.equals("allowIntrospection")) {
+							client.setAllowIntrospection(reader.nextBoolean());
+						} else if (name.equals("reuseRefreshToken")) {
+							client.setReuseRefreshToken(reader.nextBoolean());
+						} else if (name.equals("dynamicallyRegistered")) {
+							client.setDynamicallyRegistered(reader.nextBoolean());
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-						client.setAuthorities(authorities);
+						break;
-					} else if (name.equals("accessTokenValiditySeconds")) {
+					default:
-						client.setAccessTokenValiditySeconds(reader.nextInt());
-					} else if (name.equals("refreshTokenValiditySeconds")) {
-						client.setRefreshTokenValiditySeconds(reader.nextInt());
-					} else if (name.equals("redirectUris")) {
-						Set<String> redirectUris = readSet(reader);
-						client.setRedirectUris(redirectUris);
-					} else if (name.equals("name")) {
-						client.setClientName(reader.nextString());
-					} else if (name.equals("uri")) {
-						client.setClientUri(reader.nextString());
-					} else if (name.equals("logoUri")) {
-						client.setLogoUri(reader.nextString());
-					} else if (name.equals("contacts")) {
-						Set<String> contacts = readSet(reader);
-						client.setContacts(contacts);
-					} else if (name.equals("tosUri")) {
-						client.setTosUri(reader.nextString());
-					} else if (name.equals("tokenEndpointAuthMethod")) {
-						AuthMethod am = AuthMethod.getByValue(reader.nextString());
-						client.setTokenEndpointAuthMethod(am);
-					} else if (name.equals("grantTypes")) {
-						Set<String> grantTypes = readSet(reader);
-						client.setGrantTypes(grantTypes);
-					} else if (name.equals("responseTypes")) {
-						Set<String> responseTypes = readSet(reader);
-						client.setResponseTypes(responseTypes);
-					} else if (name.equals("policyUri")) {
-						client.setPolicyUri(reader.nextString());
-					} else if (name.equals("applicationType")) {
-						AppType appType = AppType.getByValue(reader.nextString());
-						client.setApplicationType(appType);
-					} else if (name.equals("sectorIdentifierUri")) {
-						client.setSectorIdentifierUri(reader.nextString());
-					} else if (name.equals("subjectType")) {
-						SubjectType st = SubjectType.getByValue(reader.nextString());
-						client.setSubjectType(st);
-					} else if (name.equals("jwks_uri")) {
-						client.setJwksUri(reader.nextString());
-					} else if (name.equals("requestObjectSigningAlg")) {
-						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setRequestObjectSigningAlg(alg);
-					} else if (name.equals("userInfoEncryptedResponseAlg")) {
-						JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
-						client.setUserInfoEncryptedResponseAlg(alg);
-					} else if (name.equals("userInfoEncryptedResponseEnc")) {
-						EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
-						client.setUserInfoEncryptedResponseEnc(alg);
-					} else if (name.equals("userInfoSignedResponseAlg")) {
-						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setUserInfoSignedResponseAlg(alg);
-					} else if (name.equals("idTokenSignedResonseAlg")) {
-						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setIdTokenSignedResponseAlg(alg);
-					} else if (name.equals("idTokenEncryptedResponseAlg")) {
-						JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
-						client.setIdTokenEncryptedResponseAlg(alg);
-					} else if (name.equals("idTokenEncryptedResponseEnc")) {
-						EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
-						client.setIdTokenEncryptedResponseEnc(alg);
-					} else if (name.equals("tokenEndpointAuthSigningAlg")) {
-						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setTokenEndpointAuthSigningAlg(alg);
-					} else if (name.equals("defaultMaxAge")) {
-						client.setDefaultMaxAge(reader.nextInt());
-					} else if (name.equals("requireAuthTime")) {
-						client.setRequireAuthTime(reader.nextBoolean());
-					} else if (name.equals("defaultACRValues")) {
-						Set<String> defaultACRvalues = readSet(reader);
-						client.setDefaultACRvalues(defaultACRvalues);
-					} else if (name.equals("initiateLoginUri")) {
-						client.setInitiateLoginUri(reader.nextString());
-					} else if (name.equals("postLogoutRedirectUri")) {
-						HashSet<String> postLogoutUris = Sets.newHashSet(reader.nextString());
-						client.setPostLogoutRedirectUris(postLogoutUris);
-					} else if (name.equals("requestUris")) {
-						Set<String> requestUris = readSet(reader);
-						client.setRequestUris(requestUris);
-					} else if (name.equals("description")) {
-						client.setClientDescription(reader.nextString());
-					} else if (name.equals("allowIntrospection")) {
-						client.setAllowIntrospection(reader.nextBoolean());
-					} else if (name.equals("reuseRefreshToken")) {
-						client.setReuseRefreshToken(reader.nextBoolean());
-					} else if (name.equals("dynamicallyRegistered")) {
-						client.setDynamicallyRegistered(reader.nextBoolean());
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -805,32 +805,32 @@ public class MITREidDataService_1_0 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
+							reader.skipValue();
+						} else if (name.equals("value")) {
+							scope.setValue(reader.nextString());
+						} else if (name.equals("description")) {
+							scope.setDescription(reader.nextString());
+						} else if (name.equals("allowDynReg")) {
+							// previously "allowDynReg" scopes are now tagged as "not restricted" and vice versa
+							scope.setRestricted(!reader.nextBoolean());
+						} else if (name.equals("defaultScope")) {
+							scope.setDefaultScope(reader.nextBoolean());
+						} else if (name.equals("icon")) {
+							scope.setIcon(reader.nextString());
+						} else {
+							logger.debug("found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
+						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					} else if (name.equals("value")) {
+						continue;
-						scope.setValue(reader.nextString());
-					} else if (name.equals("description")) {
-						scope.setDescription(reader.nextString());
-					} else if (name.equals("allowDynReg")) {
-						// previously "allowDynReg" scopes are now tagged as "not restricted" and vice versa
-						scope.setRestricted(!reader.nextBoolean());
-					} else if (name.equals("defaultScope")) {
-						scope.setDefaultScope(reader.nextBoolean());
-					} else if (name.equals("icon")) {
-						scope.setIcon(reader.nextString());
-					} else {
-						logger.debug("found unexpected entry");
-						reader.skipValue();
-					}
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java

@@ -16,6 +16,9 @@
  *******************************************************************************/
 package org.mitre.openid.connect.service.impl;
 
+import static org.mitre.util.JsonUtils.readMap;
+import static org.mitre.util.JsonUtils.readSet;
+
 import java.io.IOException;
 import java.io.Serializable;
 import java.text.ParseException;
@@ -71,9 +74,6 @@ import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jwt.JWTParser;
 
-import static org.mitre.util.JsonUtils.readMap;
-import static org.mitre.util.JsonUtils.readSet;
-
 /**
  *
  * Data service to import MITREid 1.1 configuration.
@@ -137,46 +137,46 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
 		while (reader.hasNext()) {
 			JsonToken tok = reader.peek();
 			switch (tok) {
-			case NAME:
+				case NAME:
-				String name = reader.nextName();
+					String name = reader.nextName();
-				// find out which member it is
+					// find out which member it is
-				if (name.equals(CLIENTS)) {
+					if (name.equals(CLIENTS)) {
-					readClients(reader);
+						readClients(reader);
-				} else if (name.equals(GRANTS)) {
+					} else if (name.equals(GRANTS)) {
-					readGrants(reader);
+						readGrants(reader);
-				} else if (name.equals(WHITELISTEDSITES)) {
+					} else if (name.equals(WHITELISTEDSITES)) {
-					readWhitelistedSites(reader);
+						readWhitelistedSites(reader);
-				} else if (name.equals(BLACKLISTEDSITES)) {
+					} else if (name.equals(BLACKLISTEDSITES)) {
-					readBlacklistedSites(reader);
+						readBlacklistedSites(reader);
-				} else if (name.equals(AUTHENTICATIONHOLDERS)) {
+					} else if (name.equals(AUTHENTICATIONHOLDERS)) {
-					readAuthenticationHolders(reader);
+						readAuthenticationHolders(reader);
-				} else if (name.equals(ACCESSTOKENS)) {
+					} else if (name.equals(ACCESSTOKENS)) {
-					readAccessTokens(reader);
+						readAccessTokens(reader);
-				} else if (name.equals(REFRESHTOKENS)) {
+					} else if (name.equals(REFRESHTOKENS)) {
-					readRefreshTokens(reader);
+						readRefreshTokens(reader);
-				} else if (name.equals(SYSTEMSCOPES)) {
+					} else if (name.equals(SYSTEMSCOPES)) {
-					readSystemScopes(reader);
+						readSystemScopes(reader);
-				} else {
+					} else {
-					for (MITREidDataServiceExtension extension : extensions) {
+						for (MITREidDataServiceExtension extension : extensions) {
-						if (extension.supportsVersion(THIS_VERSION)) {
 							if (extension.supportsVersion(THIS_VERSION)) {
-								extension.importExtensionData(name, reader);
+								if (extension.supportsVersion(THIS_VERSION)) {
-								break;
+									extension.importExtensionData(name, reader);
+									break;
+								}
 							}
 						}
+						// unknown token, skip it
+						reader.skipValue();
 					}
-					// unknown token, skip it
+					break;
+				case END_OBJECT:
+					// the object ended, we're done here
+					reader.endObject();
+					continue;
+				default:
+					logger.debug("Found unexpected entry");
 					reader.skipValue();
-				}
+					continue;
-				break;
-			case END_OBJECT:
-				// the object ended, we're done here
-				reader.endObject();
-				continue;
-			default:
-				logger.debug("Found unexpected entry");
-				reader.skipValue();
-				continue;
 			}
 		}
 		fixObjectReferences();
@@ -206,37 +206,37 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
 			Long authHolderId = null;
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals("id")) {
+						} else if (name.equals("id")) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals("expiration")) {
+						} else if (name.equals("expiration")) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						token.setExpiration(date);
+							token.setExpiration(date);
-					} else if (name.equals("value")) {
+						} else if (name.equals("value")) {
-						String value = reader.nextString();
+							String value = reader.nextString();
-						try {
+							try {
-							token.setJwt(JWTParser.parse(value));
+								token.setJwt(JWTParser.parse(value));
-						} catch (ParseException ex) {
+							} catch (ParseException ex) {
-							logger.error("Unable to set refresh token value to {}", value, ex);
+								logger.error("Unable to set refresh token value to {}", value, ex);
+							}
+						} else if (name.equals("clientId")) {
+							clientId = reader.nextString();
+						} else if (name.equals("authenticationHolderId")) {
+							authHolderId = reader.nextLong();
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-					} else if (name.equals("clientId")) {
+						break;
-						clientId = reader.nextString();
+					default:
-					} else if (name.equals("authenticationHolderId")) {
-						authHolderId = reader.nextLong();
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -268,45 +268,45 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
 			Long refreshTokenId = null;
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals("id")) {
+						} else if (name.equals("id")) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals("expiration")) {
+						} else if (name.equals("expiration")) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						token.setExpiration(date);
+							token.setExpiration(date);
-					} else if (name.equals("value")) {
+						} else if (name.equals("value")) {
-						String value = reader.nextString();
+							String value = reader.nextString();
-						try {
+							try {
-							// all tokens are JWTs
+								// all tokens are JWTs
-							token.setJwt(JWTParser.parse(value));
+								token.setJwt(JWTParser.parse(value));
-						} catch (ParseException ex) {
+							} catch (ParseException ex) {
-							logger.error("Unable to set refresh token value to {}", value, ex);
+								logger.error("Unable to set refresh token value to {}", value, ex);
+							}
+						} else if (name.equals("clientId")) {
+							clientId = reader.nextString();
+						} else if (name.equals("authenticationHolderId")) {
+							authHolderId = reader.nextLong();
+						} else if (name.equals("refreshTokenId")) {
+							refreshTokenId = reader.nextLong();
+						} else if (name.equals("scope")) {
+							Set<String> scope = readSet(reader);
+							token.setScope(scope);
+						} else if (name.equals("type")) {
+							token.setTokenType(reader.nextString());
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-					} else if (name.equals("clientId")) {
+						break;
-						clientId = reader.nextString();
+					default:
-					} else if (name.equals("authenticationHolderId")) {
-						authHolderId = reader.nextLong();
-					} else if (name.equals("refreshTokenId")) {
-						refreshTokenId = reader.nextLong();
-					} else if (name.equals("scope")) {
-						Set<String> scope = readSet(reader);
-						token.setScope(scope);
-					} else if (name.equals("type")) {
-						token.setTokenType(reader.nextString());
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -334,61 +334,61 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
 			Long currentId = null;
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals("id")) {
+						} else if (name.equals("id")) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals("ownerId")) {
+						} else if (name.equals("ownerId")) {
-						//not needed
+							//not needed
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals("authentication")) {
+						} else if (name.equals("authentication")) {
-						OAuth2Request clientAuthorization = null;
+							OAuth2Request clientAuthorization = null;
-						Authentication userAuthentication = null;
+							Authentication userAuthentication = null;
-						reader.beginObject();
+							reader.beginObject();
-						while (reader.hasNext()) {
+							while (reader.hasNext()) {
-							switch (reader.peek()) {
+								switch (reader.peek()) {
-							case END_OBJECT:
+									case END_OBJECT:
-								continue;
+										continue;
-							case NAME:
+									case NAME:
-								String subName = reader.nextName();
+										String subName = reader.nextName();
-								if (reader.peek() == JsonToken.NULL) {
+										if (reader.peek() == JsonToken.NULL) {
-									reader.skipValue(); // skip null values
+											reader.skipValue(); // skip null values
-								} else if (subName.equals("clientAuthorization")) {
+										} else if (subName.equals("clientAuthorization")) {
-									clientAuthorization = readAuthorizationRequest(reader);
+											clientAuthorization = readAuthorizationRequest(reader);
-								} else if (subName.equals("userAuthentication")) {
+										} else if (subName.equals("userAuthentication")) {
-									// skip binary encoded version
+											// skip binary encoded version
-									reader.skipValue();
+											reader.skipValue();
 
-								} else if (subName.equals("savedUserAuthentication")) {
+										} else if (subName.equals("savedUserAuthentication")) {
-									userAuthentication = readSavedUserAuthentication(reader);
+											userAuthentication = readSavedUserAuthentication(reader);
 
-								} else {
+										} else {
-									logger.debug("Found unexpected entry");
+											logger.debug("Found unexpected entry");
-									reader.skipValue();
+											reader.skipValue();
+										}
+										break;
+									default:
+										logger.debug("Found unexpected entry");
+										reader.skipValue();
+										continue;
 								}
-								break;
-							default:
-								logger.debug("Found unexpected entry");
-								reader.skipValue();
-								continue;
 							}
+							reader.endObject();
+							OAuth2Authentication auth = new OAuth2Authentication(clientAuthorization, userAuthentication);
+							ahe.setAuthentication(auth);
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-						reader.endObject();
+						break;
-						OAuth2Authentication auth = new OAuth2Authentication(clientAuthorization, userAuthentication);
+					default:
-						ahe.setAuthentication(auth);
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -414,53 +414,53 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
 		reader.beginObject();
 		while (reader.hasNext()) {
 			switch (reader.peek()) {
-			case END_OBJECT:
+				case END_OBJECT:
-				continue;
+					continue;
-			case NAME:
+				case NAME:
-				String name = reader.nextName();
+					String name = reader.nextName();
-				if (reader.peek() == JsonToken.NULL) {
+					if (reader.peek() == JsonToken.NULL) {
-					reader.skipValue();
+						reader.skipValue();
-				} else if (name.equals("requestParameters")) {
+					} else if (name.equals("requestParameters")) {
-					requestParameters = readMap(reader);
+						requestParameters = readMap(reader);
-				} else if (name.equals("clientId")) {
+					} else if (name.equals("clientId")) {
-					clientId = reader.nextString();
+						clientId = reader.nextString();
-				} else if (name.equals("scope")) {
+					} else if (name.equals("scope")) {
-					scope = readSet(reader);
+						scope = readSet(reader);
-				} else if (name.equals("resourceIds")) {
+					} else if (name.equals("resourceIds")) {
-					resourceIds = readSet(reader);
+						resourceIds = readSet(reader);
-				} else if (name.equals("authorities")) {
+					} else if (name.equals("authorities")) {
-					Set<String> authorityStrs = readSet(reader);
+						Set<String> authorityStrs = readSet(reader);
-					authorities = new HashSet<>();
+						authorities = new HashSet<>();
-					for (String s : authorityStrs) {
+						for (String s : authorityStrs) {
-						GrantedAuthority ga = new SimpleGrantedAuthority(s);
+							GrantedAuthority ga = new SimpleGrantedAuthority(s);
-						authorities.add(ga);
+							authorities.add(ga);
+						}
+					} else if (name.equals("approved")) {
+						approved = reader.nextBoolean();
+					} else if (name.equals("denied")) {
+						if (approved == false) {
+							approved = !reader.nextBoolean();
+						}
+					} else if (name.equals("redirectUri")) {
+						redirectUri = reader.nextString();
+					} else if (name.equals("responseTypes")) {
+						responseTypes = readSet(reader);
+					} else if (name.equals("extensions")) {
+						// skip the binary encoded version
+						reader.skipValue();
+					} else if (name.equals("extensionStrings")) {
+						Map<String, String> extEnc = readMap(reader);
+						for (Entry<String, String> entry : extEnc.entrySet()) {
+							extensions.put(entry.getKey(), entry.getValue());
+						}
+					} else {
+						reader.skipValue();
 					}
-				} else if (name.equals("approved")) {
+					break;
-					approved = reader.nextBoolean();
+				default:
-				} else if (name.equals("denied")) {
+					logger.debug("Found unexpected entry");
-					if (approved == false) {
-						approved = !reader.nextBoolean();
-					}
-				} else if (name.equals("redirectUri")) {
-					redirectUri = reader.nextString();
-				} else if (name.equals("responseTypes")) {
-					responseTypes = readSet(reader);
-				} else if (name.equals("extensions")) {
-					// skip the binary encoded version
 					reader.skipValue();
-				} else if (name.equals("extensionStrings")) {
+					continue;
-					Map<String, String> extEnc = readMap(reader);
-					for (Entry<String, String> entry : extEnc.entrySet()) {
-						extensions.put(entry.getKey(), entry.getValue());
-					}
-				} else {
-					reader.skipValue();
-				}
-				break;
-			default:
-				logger.debug("Found unexpected entry");
-				reader.skipValue();
-				continue;
 			}
 		}
 		reader.endObject();
@@ -478,35 +478,35 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
 
 		while (reader.hasNext()) {
 			switch(reader.peek()) {
-			case END_OBJECT:
+				case END_OBJECT:
-				continue;
+					continue;
-			case NAME:
+				case NAME:
-				String name = reader.nextName();
+					String name = reader.nextName();
-				if (reader.peek() == JsonToken.NULL) {
+					if (reader.peek() == JsonToken.NULL) {
-					reader.skipValue();
+						reader.skipValue();
-				} else if (name.equals("name")) {
+					} else if (name.equals("name")) {
-					savedUserAuth.setName(reader.nextString());
+						savedUserAuth.setName(reader.nextString());
-				} else if (name.equals("sourceClass")) {
+					} else if (name.equals("sourceClass")) {
-					savedUserAuth.setSourceClass(reader.nextString());
+						savedUserAuth.setSourceClass(reader.nextString());
-				} else if (name.equals("authenticated")) {
+					} else if (name.equals("authenticated")) {
-					savedUserAuth.setAuthenticated(reader.nextBoolean());
+						savedUserAuth.setAuthenticated(reader.nextBoolean());
-				} else if (name.equals("authorities")) {
+					} else if (name.equals("authorities")) {
-					Set<String> authorityStrs = readSet(reader);
+						Set<String> authorityStrs = readSet(reader);
-					Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
+						Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
-					for (String s : authorityStrs) {
+						for (String s : authorityStrs) {
-						GrantedAuthority ga = new SimpleGrantedAuthority(s);
+							GrantedAuthority ga = new SimpleGrantedAuthority(s);
-						authorities.add(ga);
+							authorities.add(ga);
+						}
+						savedUserAuth.setAuthorities(authorities);
+					} else {
+						logger.debug("Found unexpected entry");
+						reader.skipValue();
 					}
-					savedUserAuth.setAuthorities(authorities);
+					break;
-				} else {
+				default:
 					logger.debug("Found unexpected entry");
 					reader.skipValue();
-				}
+					continue;
-				break;
-			default:
-				logger.debug("Found unexpected entry");
-				reader.skipValue();
-				continue;
 			}
 		}
 
@@ -528,43 +528,43 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals("id")) {
+						} else if (name.equals("id")) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals("accessDate")) {
+						} else if (name.equals("accessDate")) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						site.setAccessDate(date);
+							site.setAccessDate(date);
-					} else if (name.equals("clientId")) {
+						} else if (name.equals("clientId")) {
-						site.setClientId(reader.nextString());
+							site.setClientId(reader.nextString());
-					} else if (name.equals("creationDate")) {
+						} else if (name.equals("creationDate")) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						site.setCreationDate(date);
+							site.setCreationDate(date);
-					} else if (name.equals("timeoutDate")) {
+						} else if (name.equals("timeoutDate")) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						site.setTimeoutDate(date);
+							site.setTimeoutDate(date);
-					} else if (name.equals("userId")) {
+						} else if (name.equals("userId")) {
-						site.setUserId(reader.nextString());
+							site.setUserId(reader.nextString());
-					} else if (name.equals("allowedScopes")) {
+						} else if (name.equals("allowedScopes")) {
-						Set<String> allowedScopes = readSet(reader);
+							Set<String> allowedScopes = readSet(reader);
-						site.setAllowedScopes(allowedScopes);
+							site.setAllowedScopes(allowedScopes);
-					} else if (name.equals("whitelistedSiteId")) {
+						} else if (name.equals("whitelistedSiteId")) {
-						whitelistedSiteId = reader.nextLong();
+							whitelistedSiteId = reader.nextLong();
-					} else if (name.equals("approvedAccessTokens")) {
+						} else if (name.equals("approvedAccessTokens")) {
-						tokenIds = readSet(reader);
+							tokenIds = readSet(reader);
-					} else {
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -593,28 +593,28 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (name.equals("id")) {
+						if (name.equals("id")) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals("clientId")) {
+						} else if (name.equals("clientId")) {
-						wlSite.setClientId(reader.nextString());
+							wlSite.setClientId(reader.nextString());
-					} else if (name.equals("creatorUserId")) {
+						} else if (name.equals("creatorUserId")) {
-						wlSite.setCreatorUserId(reader.nextString());
+							wlSite.setCreatorUserId(reader.nextString());
-					} else if (name.equals("allowedScopes")) {
+						} else if (name.equals("allowedScopes")) {
-						Set<String> allowedScopes = readSet(reader);
+							Set<String> allowedScopes = readSet(reader);
-						wlSite.setAllowedScopes(allowedScopes);
+							wlSite.setAllowedScopes(allowedScopes);
-					} else {
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -636,23 +636,23 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (name.equals("id")) {
+						if (name.equals("id")) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals("uri")) {
+						} else if (name.equals("uri")) {
-						blSite.setUri(reader.nextString());
+							blSite.setUri(reader.nextString());
-					} else {
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -673,125 +673,125 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals("clientId")) {
+						} else if (name.equals("clientId")) {
-						client.setClientId(reader.nextString());
+							client.setClientId(reader.nextString());
-					} else if (name.equals("resourceIds")) {
+						} else if (name.equals("resourceIds")) {
-						Set<String> resourceIds = readSet(reader);
+							Set<String> resourceIds = readSet(reader);
-						client.setResourceIds(resourceIds);
+							client.setResourceIds(resourceIds);
-					} else if (name.equals("secret")) {
+						} else if (name.equals("secret")) {
-						client.setClientSecret(reader.nextString());
+							client.setClientSecret(reader.nextString());
-					} else if (name.equals("scope")) {
+						} else if (name.equals("scope")) {
-						Set<String> scope = readSet(reader);
+							Set<String> scope = readSet(reader);
-						client.setScope(scope);
+							client.setScope(scope);
-					} else if (name.equals("authorities")) {
+						} else if (name.equals("authorities")) {
-						Set<String> authorityStrs = readSet(reader);
+							Set<String> authorityStrs = readSet(reader);
-						Set<GrantedAuthority> authorities = new HashSet<>();
+							Set<GrantedAuthority> authorities = new HashSet<>();
-						for (String s : authorityStrs) {
+							for (String s : authorityStrs) {
-							GrantedAuthority ga = new SimpleGrantedAuthority(s);
+								GrantedAuthority ga = new SimpleGrantedAuthority(s);
-							authorities.add(ga);
+								authorities.add(ga);
+							}
+							client.setAuthorities(authorities);
+						} else if (name.equals("accessTokenValiditySeconds")) {
+							client.setAccessTokenValiditySeconds(reader.nextInt());
+						} else if (name.equals("refreshTokenValiditySeconds")) {
+							client.setRefreshTokenValiditySeconds(reader.nextInt());
+						} else if (name.equals("redirectUris")) {
+							Set<String> redirectUris = readSet(reader);
+							client.setRedirectUris(redirectUris);
+						} else if (name.equals("name")) {
+							client.setClientName(reader.nextString());
+						} else if (name.equals("uri")) {
+							client.setClientUri(reader.nextString());
+						} else if (name.equals("logoUri")) {
+							client.setLogoUri(reader.nextString());
+						} else if (name.equals("contacts")) {
+							Set<String> contacts = readSet(reader);
+							client.setContacts(contacts);
+						} else if (name.equals("tosUri")) {
+							client.setTosUri(reader.nextString());
+						} else if (name.equals("tokenEndpointAuthMethod")) {
+							AuthMethod am = AuthMethod.getByValue(reader.nextString());
+							client.setTokenEndpointAuthMethod(am);
+						} else if (name.equals("grantTypes")) {
+							Set<String> grantTypes = readSet(reader);
+							client.setGrantTypes(grantTypes);
+						} else if (name.equals("responseTypes")) {
+							Set<String> responseTypes = readSet(reader);
+							client.setResponseTypes(responseTypes);
+						} else if (name.equals("policyUri")) {
+							client.setPolicyUri(reader.nextString());
+						} else if (name.equals("applicationType")) {
+							AppType appType = AppType.getByValue(reader.nextString());
+							client.setApplicationType(appType);
+						} else if (name.equals("sectorIdentifierUri")) {
+							client.setSectorIdentifierUri(reader.nextString());
+						} else if (name.equals("subjectType")) {
+							SubjectType st = SubjectType.getByValue(reader.nextString());
+							client.setSubjectType(st);
+						} else if (name.equals("jwks_uri")) {
+							client.setJwksUri(reader.nextString());
+						} else if (name.equals("requestObjectSigningAlg")) {
+							JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+							client.setRequestObjectSigningAlg(alg);
+						} else if (name.equals("userInfoEncryptedResponseAlg")) {
+							JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
+							client.setUserInfoEncryptedResponseAlg(alg);
+						} else if (name.equals("userInfoEncryptedResponseEnc")) {
+							EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
+							client.setUserInfoEncryptedResponseEnc(alg);
+						} else if (name.equals("userInfoSignedResponseAlg")) {
+							JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+							client.setUserInfoSignedResponseAlg(alg);
+						} else if (name.equals("idTokenSignedResonseAlg")) {
+							JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+							client.setIdTokenSignedResponseAlg(alg);
+						} else if (name.equals("idTokenEncryptedResponseAlg")) {
+							JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
+							client.setIdTokenEncryptedResponseAlg(alg);
+						} else if (name.equals("idTokenEncryptedResponseEnc")) {
+							EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
+							client.setIdTokenEncryptedResponseEnc(alg);
+						} else if (name.equals("tokenEndpointAuthSigningAlg")) {
+							JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+							client.setTokenEndpointAuthSigningAlg(alg);
+						} else if (name.equals("defaultMaxAge")) {
+							client.setDefaultMaxAge(reader.nextInt());
+						} else if (name.equals("requireAuthTime")) {
+							client.setRequireAuthTime(reader.nextBoolean());
+						} else if (name.equals("defaultACRValues")) {
+							Set<String> defaultACRvalues = readSet(reader);
+							client.setDefaultACRvalues(defaultACRvalues);
+						} else if (name.equals("initiateLoginUri")) {
+							client.setInitiateLoginUri(reader.nextString());
+						} else if (name.equals("postLogoutRedirectUri")) {
+							HashSet<String> postLogoutUris = Sets.newHashSet(reader.nextString());
+							client.setPostLogoutRedirectUris(postLogoutUris);
+						} else if (name.equals("requestUris")) {
+							Set<String> requestUris = readSet(reader);
+							client.setRequestUris(requestUris);
+						} else if (name.equals("description")) {
+							client.setClientDescription(reader.nextString());
+						} else if (name.equals("allowIntrospection")) {
+							client.setAllowIntrospection(reader.nextBoolean());
+						} else if (name.equals("reuseRefreshToken")) {
+							client.setReuseRefreshToken(reader.nextBoolean());
+						} else if (name.equals("dynamicallyRegistered")) {
+							client.setDynamicallyRegistered(reader.nextBoolean());
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-						client.setAuthorities(authorities);
+						break;
-					} else if (name.equals("accessTokenValiditySeconds")) {
+					default:
-						client.setAccessTokenValiditySeconds(reader.nextInt());
-					} else if (name.equals("refreshTokenValiditySeconds")) {
-						client.setRefreshTokenValiditySeconds(reader.nextInt());
-					} else if (name.equals("redirectUris")) {
-						Set<String> redirectUris = readSet(reader);
-						client.setRedirectUris(redirectUris);
-					} else if (name.equals("name")) {
-						client.setClientName(reader.nextString());
-					} else if (name.equals("uri")) {
-						client.setClientUri(reader.nextString());
-					} else if (name.equals("logoUri")) {
-						client.setLogoUri(reader.nextString());
-					} else if (name.equals("contacts")) {
-						Set<String> contacts = readSet(reader);
-						client.setContacts(contacts);
-					} else if (name.equals("tosUri")) {
-						client.setTosUri(reader.nextString());
-					} else if (name.equals("tokenEndpointAuthMethod")) {
-						AuthMethod am = AuthMethod.getByValue(reader.nextString());
-						client.setTokenEndpointAuthMethod(am);
-					} else if (name.equals("grantTypes")) {
-						Set<String> grantTypes = readSet(reader);
-						client.setGrantTypes(grantTypes);
-					} else if (name.equals("responseTypes")) {
-						Set<String> responseTypes = readSet(reader);
-						client.setResponseTypes(responseTypes);
-					} else if (name.equals("policyUri")) {
-						client.setPolicyUri(reader.nextString());
-					} else if (name.equals("applicationType")) {
-						AppType appType = AppType.getByValue(reader.nextString());
-						client.setApplicationType(appType);
-					} else if (name.equals("sectorIdentifierUri")) {
-						client.setSectorIdentifierUri(reader.nextString());
-					} else if (name.equals("subjectType")) {
-						SubjectType st = SubjectType.getByValue(reader.nextString());
-						client.setSubjectType(st);
-					} else if (name.equals("jwks_uri")) {
-						client.setJwksUri(reader.nextString());
-					} else if (name.equals("requestObjectSigningAlg")) {
-						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setRequestObjectSigningAlg(alg);
-					} else if (name.equals("userInfoEncryptedResponseAlg")) {
-						JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
-						client.setUserInfoEncryptedResponseAlg(alg);
-					} else if (name.equals("userInfoEncryptedResponseEnc")) {
-						EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
-						client.setUserInfoEncryptedResponseEnc(alg);
-					} else if (name.equals("userInfoSignedResponseAlg")) {
-						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setUserInfoSignedResponseAlg(alg);
-					} else if (name.equals("idTokenSignedResonseAlg")) {
-						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setIdTokenSignedResponseAlg(alg);
-					} else if (name.equals("idTokenEncryptedResponseAlg")) {
-						JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
-						client.setIdTokenEncryptedResponseAlg(alg);
-					} else if (name.equals("idTokenEncryptedResponseEnc")) {
-						EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
-						client.setIdTokenEncryptedResponseEnc(alg);
-					} else if (name.equals("tokenEndpointAuthSigningAlg")) {
-						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setTokenEndpointAuthSigningAlg(alg);
-					} else if (name.equals("defaultMaxAge")) {
-						client.setDefaultMaxAge(reader.nextInt());
-					} else if (name.equals("requireAuthTime")) {
-						client.setRequireAuthTime(reader.nextBoolean());
-					} else if (name.equals("defaultACRValues")) {
-						Set<String> defaultACRvalues = readSet(reader);
-						client.setDefaultACRvalues(defaultACRvalues);
-					} else if (name.equals("initiateLoginUri")) {
-						client.setInitiateLoginUri(reader.nextString());
-					} else if (name.equals("postLogoutRedirectUri")) {
-						HashSet<String> postLogoutUris = Sets.newHashSet(reader.nextString());
-						client.setPostLogoutRedirectUris(postLogoutUris);
-					} else if (name.equals("requestUris")) {
-						Set<String> requestUris = readSet(reader);
-						client.setRequestUris(requestUris);
-					} else if (name.equals("description")) {
-						client.setClientDescription(reader.nextString());
-					} else if (name.equals("allowIntrospection")) {
-						client.setAllowIntrospection(reader.nextBoolean());
-					} else if (name.equals("reuseRefreshToken")) {
-						client.setReuseRefreshToken(reader.nextBoolean());
-					} else if (name.equals("dynamicallyRegistered")) {
-						client.setDynamicallyRegistered(reader.nextBoolean());
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -815,36 +815,36 @@ public class MITREidDataService_1_1 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
+							reader.skipValue();
+						} else if (name.equals("value")) {
+							scope.setValue(reader.nextString());
+						} else if (name.equals("description")) {
+							scope.setDescription(reader.nextString());
+						} else if (name.equals("allowDynReg")) {
+							// previously "allowDynReg" scopes are now tagged as "not restricted" and vice versa
+							scope.setRestricted(!reader.nextBoolean());
+						} else if (name.equals("defaultScope")) {
+							scope.setDefaultScope(reader.nextBoolean());
+						} else if (name.equals("structured")) {
+							logger.warn("Found a structured scope, ignoring structure");
+						} else if (name.equals("structuredParameter")) {
+							logger.warn("Found a structured scope, ignoring structure");
+						} else if (name.equals("icon")) {
+							scope.setIcon(reader.nextString());
+						} else {
+							logger.debug("found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
+						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					} else if (name.equals("value")) {
+						continue;
-						scope.setValue(reader.nextString());
-					} else if (name.equals("description")) {
-						scope.setDescription(reader.nextString());
-					} else if (name.equals("allowDynReg")) {
-						// previously "allowDynReg" scopes are now tagged as "not restricted" and vice versa
-						scope.setRestricted(!reader.nextBoolean());
-					} else if (name.equals("defaultScope")) {
-						scope.setDefaultScope(reader.nextBoolean());
-					} else if (name.equals("structured")) {
-						logger.warn("Found a structured scope, ignoring structure");
-					} else if (name.equals("structuredParameter")) {
-						logger.warn("Found a structured scope, ignoring structure");
-					} else if (name.equals("icon")) {
-						scope.setIcon(reader.nextString());
-					} else {
-						logger.debug("found unexpected entry");
-						reader.skipValue();
-					}
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java

@@ -16,16 +16,15 @@
  *******************************************************************************/
 package org.mitre.openid.connect.service.impl;
 
+import static org.mitre.util.JsonUtils.readMap;
+import static org.mitre.util.JsonUtils.readSet;
+
 import java.io.IOException;
-import java.io.Serializable;
 import java.text.ParseException;
 import java.util.Collections;
 import java.util.Date;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
 import java.util.Set;
 
 import org.mitre.oauth2.model.AuthenticationHolderEntity;
@@ -66,10 +65,6 @@ import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jwt.JWTParser;
 
-import static org.mitre.util.JsonUtils.readMap;
-import static org.mitre.util.JsonUtils.readSet;
-import static org.mitre.util.JsonUtils.writeNullSafeArray;
-
 /**
  *
  * Data service to import and export MITREid 1.2 configuration.
@@ -201,44 +196,44 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 		while (reader.hasNext()) {
 			JsonToken tok = reader.peek();
 			switch (tok) {
-			case NAME:
+				case NAME:
-				String name = reader.nextName();
+					String name = reader.nextName();
-				// find out which member it is
+					// find out which member it is
-				if (name.equals(CLIENTS)) {
+					if (name.equals(CLIENTS)) {
-					readClients(reader);
+						readClients(reader);
-				} else if (name.equals(GRANTS)) {
+					} else if (name.equals(GRANTS)) {
-					readGrants(reader);
+						readGrants(reader);
-				} else if (name.equals(WHITELISTEDSITES)) {
+					} else if (name.equals(WHITELISTEDSITES)) {
-					readWhitelistedSites(reader);
+						readWhitelistedSites(reader);
-				} else if (name.equals(BLACKLISTEDSITES)) {
+					} else if (name.equals(BLACKLISTEDSITES)) {
-					readBlacklistedSites(reader);
+						readBlacklistedSites(reader);
-				} else if (name.equals(AUTHENTICATIONHOLDERS)) {
+					} else if (name.equals(AUTHENTICATIONHOLDERS)) {
-					readAuthenticationHolders(reader);
+						readAuthenticationHolders(reader);
-				} else if (name.equals(ACCESSTOKENS)) {
+					} else if (name.equals(ACCESSTOKENS)) {
-					readAccessTokens(reader);
+						readAccessTokens(reader);
-				} else if (name.equals(REFRESHTOKENS)) {
+					} else if (name.equals(REFRESHTOKENS)) {
-					readRefreshTokens(reader);
+						readRefreshTokens(reader);
-				} else if (name.equals(SYSTEMSCOPES)) {
+					} else if (name.equals(SYSTEMSCOPES)) {
-					readSystemScopes(reader);
+						readSystemScopes(reader);
-				} else {
+					} else {
-					for (MITREidDataServiceExtension extension : extensions) {
+						for (MITREidDataServiceExtension extension : extensions) {
-						if (extension.supportsVersion(THIS_VERSION)) {
+							if (extension.supportsVersion(THIS_VERSION)) {
-							extension.importExtensionData(name, reader);
+								extension.importExtensionData(name, reader);
-							break;
+								break;
+							}
 						}
+						// unknown token, skip it
+						reader.skipValue();
 					}
-					// unknown token, skip it
+					break;
+				case END_OBJECT:
+					// the object ended, we're done here
+					reader.endObject();
+					continue;
+				default:
+					logger.debug("Found unexpected entry");
 					reader.skipValue();
-				}
+					continue;
-				break;
-			case END_OBJECT:
-				// the object ended, we're done here
-				reader.endObject();
-				continue;
-			default:
-				logger.debug("Found unexpected entry");
-				reader.skipValue();
-				continue;
 			}
 		}
 		fixObjectReferences();
@@ -268,37 +263,37 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 			Long authHolderId = null;
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals(ID)) {
+						} else if (name.equals(ID)) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals(EXPIRATION)) {
+						} else if (name.equals(EXPIRATION)) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						token.setExpiration(date);
+							token.setExpiration(date);
-					} else if (name.equals(VALUE)) {
+						} else if (name.equals(VALUE)) {
-						String value = reader.nextString();
+							String value = reader.nextString();
-						try {
+							try {
-							token.setJwt(JWTParser.parse(value));
+								token.setJwt(JWTParser.parse(value));
-						} catch (ParseException ex) {
+							} catch (ParseException ex) {
-							logger.error("Unable to set refresh token value to {}", value, ex);
+								logger.error("Unable to set refresh token value to {}", value, ex);
+							}
+						} else if (name.equals(CLIENT_ID)) {
+							clientId = reader.nextString();
+						} else if (name.equals(AUTHENTICATION_HOLDER_ID)) {
+							authHolderId = reader.nextLong();
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-					} else if (name.equals(CLIENT_ID)) {
+						break;
-						clientId = reader.nextString();
+					default:
-					} else if (name.equals(AUTHENTICATION_HOLDER_ID)) {
-						authHolderId = reader.nextLong();
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -330,45 +325,45 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 			Long refreshTokenId = null;
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals(ID)) {
+						} else if (name.equals(ID)) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals(EXPIRATION)) {
+						} else if (name.equals(EXPIRATION)) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						token.setExpiration(date);
+							token.setExpiration(date);
-					} else if (name.equals(VALUE)) {
+						} else if (name.equals(VALUE)) {
-						String value = reader.nextString();
+							String value = reader.nextString();
-						try {
+							try {
-							// all tokens are JWTs
+								// all tokens are JWTs
-							token.setJwt(JWTParser.parse(value));
+								token.setJwt(JWTParser.parse(value));
-						} catch (ParseException ex) {
+							} catch (ParseException ex) {
-							logger.error("Unable to set refresh token value to {}", value, ex);
+								logger.error("Unable to set refresh token value to {}", value, ex);
+							}
+						} else if (name.equals(CLIENT_ID)) {
+							clientId = reader.nextString();
+						} else if (name.equals(AUTHENTICATION_HOLDER_ID)) {
+							authHolderId = reader.nextLong();
+						} else if (name.equals(REFRESH_TOKEN_ID)) {
+							refreshTokenId = reader.nextLong();
+						} else if (name.equals(SCOPE)) {
+							Set<String> scope = readSet(reader);
+							token.setScope(scope);
+						} else if (name.equals(TYPE)) {
+							token.setTokenType(reader.nextString());
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-					} else if (name.equals(CLIENT_ID)) {
+						break;
-						clientId = reader.nextString();
+					default:
-					} else if (name.equals(AUTHENTICATION_HOLDER_ID)) {
-						authHolderId = reader.nextLong();
-					} else if (name.equals(REFRESH_TOKEN_ID)) {
-						refreshTokenId = reader.nextLong();
-					} else if (name.equals(SCOPE)) {
-						Set<String> scope = readSet(reader);
-						token.setScope(scope);
-					} else if (name.equals(TYPE)) {
-						token.setTokenType(reader.nextString());
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -396,49 +391,49 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 			Long currentId = null;
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals(ID)) {
+						} else if (name.equals(ID)) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals(REQUEST_PARAMETERS)) {
+						} else if (name.equals(REQUEST_PARAMETERS)) {
-						ahe.setRequestParameters(readMap(reader));
+							ahe.setRequestParameters(readMap(reader));
-					} else if (name.equals(CLIENT_ID)) {
+						} else if (name.equals(CLIENT_ID)) {
-						ahe.setClientId(reader.nextString());
+							ahe.setClientId(reader.nextString());
-					} else if (name.equals(SCOPE)) {
+						} else if (name.equals(SCOPE)) {
-						ahe.setScope(readSet(reader));
+							ahe.setScope(readSet(reader));
-					} else if (name.equals(RESOURCE_IDS)) {
+						} else if (name.equals(RESOURCE_IDS)) {
-						ahe.setResourceIds(readSet(reader));
+							ahe.setResourceIds(readSet(reader));
-					} else if (name.equals(AUTHORITIES)) {
+						} else if (name.equals(AUTHORITIES)) {
-						Set<String> authorityStrs = readSet(reader);
+							Set<String> authorityStrs = readSet(reader);
-						Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
+							Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
-						for (String s : authorityStrs) {
+							for (String s : authorityStrs) {
-							GrantedAuthority ga = new SimpleGrantedAuthority(s);
+								GrantedAuthority ga = new SimpleGrantedAuthority(s);
-							authorities.add(ga);
+								authorities.add(ga);
+							}
+							ahe.setAuthorities(authorities);
+						} else if (name.equals(APPROVED)) {
+							ahe.setApproved(reader.nextBoolean());
+						} else if (name.equals(REDIRECT_URI)) {
+							ahe.setRedirectUri(reader.nextString());
+						} else if (name.equals(RESPONSE_TYPES)) {
+							ahe.setResponseTypes(readSet(reader));
+						} else if (name.equals(EXTENSIONS)) {
+							ahe.setExtensions(readMap(reader));
+						} else if (name.equals(SAVED_USER_AUTHENTICATION)) {
+							ahe.setUserAuth(readSavedUserAuthentication(reader));
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-						ahe.setAuthorities(authorities);
+						break;
-					} else if (name.equals(APPROVED)) {
+					default:
-						ahe.setApproved(reader.nextBoolean());
-					} else if (name.equals(REDIRECT_URI)) {
-						ahe.setRedirectUri(reader.nextString());
-					} else if (name.equals(RESPONSE_TYPES)) {
-						ahe.setResponseTypes(readSet(reader));
-					} else if (name.equals(EXTENSIONS)) {
-						ahe.setExtensions(readMap(reader));
-					} else if (name.equals(SAVED_USER_AUTHENTICATION)) {
-						ahe.setUserAuth(readSavedUserAuthentication(reader));
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -461,35 +456,35 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 
 		while (reader.hasNext()) {
 			switch(reader.peek()) {
-			case END_OBJECT:
+				case END_OBJECT:
-				continue;
+					continue;
-			case NAME:
+				case NAME:
-				String name = reader.nextName();
+					String name = reader.nextName();
-				if (reader.peek() == JsonToken.NULL) {
+					if (reader.peek() == JsonToken.NULL) {
-					reader.skipValue();
+						reader.skipValue();
-				} else if (name.equals(NAME)) {
+					} else if (name.equals(NAME)) {
-					savedUserAuth.setName(reader.nextString());
+						savedUserAuth.setName(reader.nextString());
-				} else if (name.equals(SOURCE_CLASS)) {
+					} else if (name.equals(SOURCE_CLASS)) {
-					savedUserAuth.setSourceClass(reader.nextString());
+						savedUserAuth.setSourceClass(reader.nextString());
-				} else if (name.equals(AUTHENTICATED)) {
+					} else if (name.equals(AUTHENTICATED)) {
-					savedUserAuth.setAuthenticated(reader.nextBoolean());
+						savedUserAuth.setAuthenticated(reader.nextBoolean());
-				} else if (name.equals(AUTHORITIES)) {
+					} else if (name.equals(AUTHORITIES)) {
-					Set<String> authorityStrs = readSet(reader);
+						Set<String> authorityStrs = readSet(reader);
-					Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
+						Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
-					for (String s : authorityStrs) {
+						for (String s : authorityStrs) {
-						GrantedAuthority ga = new SimpleGrantedAuthority(s);
+							GrantedAuthority ga = new SimpleGrantedAuthority(s);
-						authorities.add(ga);
+							authorities.add(ga);
+						}
+						savedUserAuth.setAuthorities(authorities);
+					} else {
+						logger.debug("Found unexpected entry");
+						reader.skipValue();
 					}
-					savedUserAuth.setAuthorities(authorities);
+					break;
-				} else {
+				default:
 					logger.debug("Found unexpected entry");
 					reader.skipValue();
-				}
+					continue;
-				break;
-			default:
-				logger.debug("Found unexpected entry");
-				reader.skipValue();
-				continue;
 			}
 		}
 
@@ -510,41 +505,41 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals(ID)) {
+						} else if (name.equals(ID)) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals(ACCESS_DATE)) {
+						} else if (name.equals(ACCESS_DATE)) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						site.setAccessDate(date);
+							site.setAccessDate(date);
-					} else if (name.equals(CLIENT_ID)) {
+						} else if (name.equals(CLIENT_ID)) {
-						site.setClientId(reader.nextString());
+							site.setClientId(reader.nextString());
-					} else if (name.equals(CREATION_DATE)) {
+						} else if (name.equals(CREATION_DATE)) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						site.setCreationDate(date);
+							site.setCreationDate(date);
-					} else if (name.equals(TIMEOUT_DATE)) {
+						} else if (name.equals(TIMEOUT_DATE)) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						site.setTimeoutDate(date);
+							site.setTimeoutDate(date);
-					} else if (name.equals(USER_ID)) {
+						} else if (name.equals(USER_ID)) {
-						site.setUserId(reader.nextString());
+							site.setUserId(reader.nextString());
-					} else if (name.equals(ALLOWED_SCOPES)) {
+						} else if (name.equals(ALLOWED_SCOPES)) {
-						Set<String> allowedScopes = readSet(reader);
+							Set<String> allowedScopes = readSet(reader);
-						site.setAllowedScopes(allowedScopes);
+							site.setAllowedScopes(allowedScopes);
-					} else if (name.equals(APPROVED_ACCESS_TOKENS)) {
+						} else if (name.equals(APPROVED_ACCESS_TOKENS)) {
-						tokenIds = readSet(reader);
+							tokenIds = readSet(reader);
-					} else {
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -570,28 +565,28 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (name.equals(ID)) {
+						if (name.equals(ID)) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals(CLIENT_ID)) {
+						} else if (name.equals(CLIENT_ID)) {
-						wlSite.setClientId(reader.nextString());
+							wlSite.setClientId(reader.nextString());
-					} else if (name.equals(CREATOR_USER_ID)) {
+						} else if (name.equals(CREATOR_USER_ID)) {
-						wlSite.setCreatorUserId(reader.nextString());
+							wlSite.setCreatorUserId(reader.nextString());
-					} else if (name.equals(ALLOWED_SCOPES)) {
+						} else if (name.equals(ALLOWED_SCOPES)) {
-						Set<String> allowedScopes = readSet(reader);
+							Set<String> allowedScopes = readSet(reader);
-						wlSite.setAllowedScopes(allowedScopes);
+							wlSite.setAllowedScopes(allowedScopes);
-					} else {
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -613,23 +608,23 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (name.equals(ID)) {
+						if (name.equals(ID)) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals(URI)) {
+						} else if (name.equals(URI)) {
-						blSite.setUri(reader.nextString());
+							blSite.setUri(reader.nextString());
-					} else {
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -650,136 +645,136 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals(CLIENT_ID)) {
+						} else if (name.equals(CLIENT_ID)) {
-						client.setClientId(reader.nextString());
+							client.setClientId(reader.nextString());
-					} else if (name.equals(RESOURCE_IDS)) {
+						} else if (name.equals(RESOURCE_IDS)) {
-						Set<String> resourceIds = readSet(reader);
+							Set<String> resourceIds = readSet(reader);
-						client.setResourceIds(resourceIds);
+							client.setResourceIds(resourceIds);
-					} else if (name.equals(SECRET)) {
+						} else if (name.equals(SECRET)) {
-						client.setClientSecret(reader.nextString());
+							client.setClientSecret(reader.nextString());
-					} else if (name.equals(SCOPE)) {
+						} else if (name.equals(SCOPE)) {
-						Set<String> scope = readSet(reader);
+							Set<String> scope = readSet(reader);
-						client.setScope(scope);
+							client.setScope(scope);
-					} else if (name.equals(AUTHORITIES)) {
+						} else if (name.equals(AUTHORITIES)) {
-						Set<String> authorityStrs = readSet(reader);
+							Set<String> authorityStrs = readSet(reader);
-						Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
+							Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
-						for (String s : authorityStrs) {
+							for (String s : authorityStrs) {
-							GrantedAuthority ga = new SimpleGrantedAuthority(s);
+								GrantedAuthority ga = new SimpleGrantedAuthority(s);
-							authorities.add(ga);
+								authorities.add(ga);
+							}
+							client.setAuthorities(authorities);
+						} else if (name.equals(ACCESS_TOKEN_VALIDITY_SECONDS)) {
+							client.setAccessTokenValiditySeconds(reader.nextInt());
+						} else if (name.equals(REFRESH_TOKEN_VALIDITY_SECONDS)) {
+							client.setRefreshTokenValiditySeconds(reader.nextInt());
+						} else if (name.equals(REDIRECT_URIS)) {
+							Set<String> redirectUris = readSet(reader);
+							client.setRedirectUris(redirectUris);
+						} else if (name.equals(CLAIMS_REDIRECT_URIS)) {
+							Set<String> claimsRedirectUris = readSet(reader);
+							client.setClaimsRedirectUris(claimsRedirectUris);
+						} else if (name.equals(NAME)) {
+							client.setClientName(reader.nextString());
+						} else if (name.equals(URI)) {
+							client.setClientUri(reader.nextString());
+						} else if (name.equals(LOGO_URI)) {
+							client.setLogoUri(reader.nextString());
+						} else if (name.equals(CONTACTS)) {
+							Set<String> contacts = readSet(reader);
+							client.setContacts(contacts);
+						} else if (name.equals(TOS_URI)) {
+							client.setTosUri(reader.nextString());
+						} else if (name.equals(TOKEN_ENDPOINT_AUTH_METHOD)) {
+							AuthMethod am = AuthMethod.getByValue(reader.nextString());
+							client.setTokenEndpointAuthMethod(am);
+						} else if (name.equals(GRANT_TYPES)) {
+							Set<String> grantTypes = readSet(reader);
+							client.setGrantTypes(grantTypes);
+						} else if (name.equals(RESPONSE_TYPES)) {
+							Set<String> responseTypes = readSet(reader);
+							client.setResponseTypes(responseTypes);
+						} else if (name.equals(POLICY_URI)) {
+							client.setPolicyUri(reader.nextString());
+						} else if (name.equals(APPLICATION_TYPE)) {
+							AppType appType = AppType.getByValue(reader.nextString());
+							client.setApplicationType(appType);
+						} else if (name.equals(SECTOR_IDENTIFIER_URI)) {
+							client.setSectorIdentifierUri(reader.nextString());
+						} else if (name.equals(SUBJECT_TYPE)) {
+							SubjectType st = SubjectType.getByValue(reader.nextString());
+							client.setSubjectType(st);
+						} else if (name.equals(JWKS_URI)) {
+							client.setJwksUri(reader.nextString());
+						} else if (name.equals(JWKS)) {
+							try {
+								client.setJwks(JWKSet.parse(reader.nextString()));
+							} catch (ParseException e) {
+								logger.error("Couldn't parse JWK Set", e);
+							}
+						} else if (name.equals(REQUEST_OBJECT_SIGNING_ALG)) {
+							JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+							client.setRequestObjectSigningAlg(alg);
+						} else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ALG)) {
+							JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
+							client.setUserInfoEncryptedResponseAlg(alg);
+						} else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ENC)) {
+							EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
+							client.setUserInfoEncryptedResponseEnc(alg);
+						} else if (name.equals(USER_INFO_SIGNED_RESPONSE_ALG)) {
+							JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+							client.setUserInfoSignedResponseAlg(alg);
+						} else if (name.equals(ID_TOKEN_SIGNED_RESPONSE_ALG)) {
+							JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+							client.setIdTokenSignedResponseAlg(alg);
+						} else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ALG)) {
+							JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
+							client.setIdTokenEncryptedResponseAlg(alg);
+						} else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ENC)) {
+							EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
+							client.setIdTokenEncryptedResponseEnc(alg);
+						} else if (name.equals(TOKEN_ENDPOINT_AUTH_SIGNING_ALG)) {
+							JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+							client.setTokenEndpointAuthSigningAlg(alg);
+						} else if (name.equals(DEFAULT_MAX_AGE)) {
+							client.setDefaultMaxAge(reader.nextInt());
+						} else if (name.equals(REQUIRE_AUTH_TIME)) {
+							client.setRequireAuthTime(reader.nextBoolean());
+						} else if (name.equals(DEFAULT_ACR_VALUES)) {
+							Set<String> defaultACRvalues = readSet(reader);
+							client.setDefaultACRvalues(defaultACRvalues);
+						} else if (name.equals("initiateLoginUri")) {
+							client.setInitiateLoginUri(reader.nextString());
+						} else if (name.equals(POST_LOGOUT_REDIRECT_URI)) {
+							Set<String> postLogoutUris = readSet(reader);
+							client.setPostLogoutRedirectUris(postLogoutUris);
+						} else if (name.equals(REQUEST_URIS)) {
+							Set<String> requestUris = readSet(reader);
+							client.setRequestUris(requestUris);
+						} else if (name.equals(DESCRIPTION)) {
+							client.setClientDescription(reader.nextString());
+						} else if (name.equals(ALLOW_INTROSPECTION)) {
+							client.setAllowIntrospection(reader.nextBoolean());
+						} else if (name.equals(REUSE_REFRESH_TOKEN)) {
+							client.setReuseRefreshToken(reader.nextBoolean());
+						} else if (name.equals(CLEAR_ACCESS_TOKENS_ON_REFRESH)) {
+							client.setClearAccessTokensOnRefresh(reader.nextBoolean());
+						} else if (name.equals(DYNAMICALLY_REGISTERED)) {
+							client.setDynamicallyRegistered(reader.nextBoolean());
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-						client.setAuthorities(authorities);
+						break;
-					} else if (name.equals(ACCESS_TOKEN_VALIDITY_SECONDS)) {
+					default:
-						client.setAccessTokenValiditySeconds(reader.nextInt());
-					} else if (name.equals(REFRESH_TOKEN_VALIDITY_SECONDS)) {
-						client.setRefreshTokenValiditySeconds(reader.nextInt());
-					} else if (name.equals(REDIRECT_URIS)) {
-						Set<String> redirectUris = readSet(reader);
-						client.setRedirectUris(redirectUris);
-					} else if (name.equals(CLAIMS_REDIRECT_URIS)) {
-						Set<String> claimsRedirectUris = readSet(reader);
-						client.setClaimsRedirectUris(claimsRedirectUris);
-					} else if (name.equals(NAME)) {
-						client.setClientName(reader.nextString());
-					} else if (name.equals(URI)) {
-						client.setClientUri(reader.nextString());
-					} else if (name.equals(LOGO_URI)) {
-						client.setLogoUri(reader.nextString());
-					} else if (name.equals(CONTACTS)) {
-						Set<String> contacts = readSet(reader);
-						client.setContacts(contacts);
-					} else if (name.equals(TOS_URI)) {
-						client.setTosUri(reader.nextString());
-					} else if (name.equals(TOKEN_ENDPOINT_AUTH_METHOD)) {
-						AuthMethod am = AuthMethod.getByValue(reader.nextString());
-						client.setTokenEndpointAuthMethod(am);
-					} else if (name.equals(GRANT_TYPES)) {
-						Set<String> grantTypes = readSet(reader);
-						client.setGrantTypes(grantTypes);
-					} else if (name.equals(RESPONSE_TYPES)) {
-						Set<String> responseTypes = readSet(reader);
-						client.setResponseTypes(responseTypes);
-					} else if (name.equals(POLICY_URI)) {
-						client.setPolicyUri(reader.nextString());
-					} else if (name.equals(APPLICATION_TYPE)) {
-						AppType appType = AppType.getByValue(reader.nextString());
-						client.setApplicationType(appType);
-					} else if (name.equals(SECTOR_IDENTIFIER_URI)) {
-						client.setSectorIdentifierUri(reader.nextString());
-					} else if (name.equals(SUBJECT_TYPE)) {
-						SubjectType st = SubjectType.getByValue(reader.nextString());
-						client.setSubjectType(st);
-					} else if (name.equals(JWKS_URI)) {
-						client.setJwksUri(reader.nextString());
-					} else if (name.equals(JWKS)) {
-						try {
-							client.setJwks(JWKSet.parse(reader.nextString()));
-						} catch (ParseException e) {
-							logger.error("Couldn't parse JWK Set", e);
-						}
-					} else if (name.equals(REQUEST_OBJECT_SIGNING_ALG)) {
-						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setRequestObjectSigningAlg(alg);
-					} else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ALG)) {
-						JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
-						client.setUserInfoEncryptedResponseAlg(alg);
-					} else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ENC)) {
-						EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
-						client.setUserInfoEncryptedResponseEnc(alg);
-					} else if (name.equals(USER_INFO_SIGNED_RESPONSE_ALG)) {
-						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setUserInfoSignedResponseAlg(alg);
-					} else if (name.equals(ID_TOKEN_SIGNED_RESPONSE_ALG)) {
-						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setIdTokenSignedResponseAlg(alg);
-					} else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ALG)) {
-						JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
-						client.setIdTokenEncryptedResponseAlg(alg);
-					} else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ENC)) {
-						EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
-						client.setIdTokenEncryptedResponseEnc(alg);
-					} else if (name.equals(TOKEN_ENDPOINT_AUTH_SIGNING_ALG)) {
-						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setTokenEndpointAuthSigningAlg(alg);
-					} else if (name.equals(DEFAULT_MAX_AGE)) {
-						client.setDefaultMaxAge(reader.nextInt());
-					} else if (name.equals(REQUIRE_AUTH_TIME)) {
-						client.setRequireAuthTime(reader.nextBoolean());
-					} else if (name.equals(DEFAULT_ACR_VALUES)) {
-						Set<String> defaultACRvalues = readSet(reader);
-						client.setDefaultACRvalues(defaultACRvalues);
-					} else if (name.equals("initiateLoginUri")) {
-						client.setInitiateLoginUri(reader.nextString());
-					} else if (name.equals(POST_LOGOUT_REDIRECT_URI)) {
-						Set<String> postLogoutUris = readSet(reader);
-						client.setPostLogoutRedirectUris(postLogoutUris);
-					} else if (name.equals(REQUEST_URIS)) {
-						Set<String> requestUris = readSet(reader);
-						client.setRequestUris(requestUris);
-					} else if (name.equals(DESCRIPTION)) {
-						client.setClientDescription(reader.nextString());
-					} else if (name.equals(ALLOW_INTROSPECTION)) {
-						client.setAllowIntrospection(reader.nextBoolean());
-					} else if (name.equals(REUSE_REFRESH_TOKEN)) {
-						client.setReuseRefreshToken(reader.nextBoolean());
-					} else if (name.equals(CLEAR_ACCESS_TOKENS_ON_REFRESH)) {
-						client.setClearAccessTokensOnRefresh(reader.nextBoolean());
-					} else if (name.equals(DYNAMICALLY_REGISTERED)) {
-						client.setDynamicallyRegistered(reader.nextBoolean());
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -803,35 +798,35 @@ public class MITREidDataService_1_2 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
+							reader.skipValue();
+						} else if (name.equals(VALUE)) {
+							scope.setValue(reader.nextString());
+						} else if (name.equals(DESCRIPTION)) {
+							scope.setDescription(reader.nextString());
+						} else if (name.equals(RESTRICTED)) {
+							scope.setRestricted(reader.nextBoolean());
+						} else if (name.equals(DEFAULT_SCOPE)) {
+							scope.setDefaultScope(reader.nextBoolean());
+						} else if (name.equals(ICON)) {
+							scope.setIcon(reader.nextString());
+						} else if (name.equals(STRUCTURED)) {
+							logger.warn("Found a structured scope, ignoring structure");
+						} else if (name.equals(STRUCTURED_PARAMETER)) {
+							logger.warn("Found a structured scope, ignoring structure");
+						} else {
+							logger.debug("found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
+						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					} else if (name.equals(VALUE)) {
+						continue;
-						scope.setValue(reader.nextString());
-					} else if (name.equals(DESCRIPTION)) {
-						scope.setDescription(reader.nextString());
-					} else if (name.equals(RESTRICTED)) {
-						scope.setRestricted(reader.nextBoolean());
-					} else if (name.equals(DEFAULT_SCOPE)) {
-						scope.setDefaultScope(reader.nextBoolean());
-					} else if (name.equals(ICON)) {
-						scope.setIcon(reader.nextString());
-					} else if (name.equals(STRUCTURED)) {
-						logger.warn("Found a structured scope, ignoring structure");
-					} else if (name.equals(STRUCTURED_PARAMETER)) {
-						logger.warn("Found a structured scope, ignoring structure");
-					} else {
-						logger.debug("found unexpected entry");
-						reader.skipValue();
-					}
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();

openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_3.java

@@ -574,51 +574,51 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
 		while (reader.hasNext()) {
 			JsonToken tok = reader.peek();
 			switch (tok) {
-			case NAME:
+				case NAME:
-				String name = reader.nextName();
+					String name = reader.nextName();
-				// find out which member it is
+					// find out which member it is
-				if (name.equals(CLIENTS)) {
+					if (name.equals(CLIENTS)) {
-					readClients(reader);
+						readClients(reader);
-				} else if (name.equals(GRANTS)) {
+					} else if (name.equals(GRANTS)) {
-					readGrants(reader);
+						readGrants(reader);
-				} else if (name.equals(WHITELISTEDSITES)) {
+					} else if (name.equals(WHITELISTEDSITES)) {
-					readWhitelistedSites(reader);
+						readWhitelistedSites(reader);
-				} else if (name.equals(BLACKLISTEDSITES)) {
+					} else if (name.equals(BLACKLISTEDSITES)) {
-					readBlacklistedSites(reader);
+						readBlacklistedSites(reader);
-				} else if (name.equals(AUTHENTICATIONHOLDERS)) {
+					} else if (name.equals(AUTHENTICATIONHOLDERS)) {
-					readAuthenticationHolders(reader);
+						readAuthenticationHolders(reader);
-				} else if (name.equals(ACCESSTOKENS)) {
+					} else if (name.equals(ACCESSTOKENS)) {
-					readAccessTokens(reader);
+						readAccessTokens(reader);
-				} else if (name.equals(REFRESHTOKENS)) {
+					} else if (name.equals(REFRESHTOKENS)) {
-					readRefreshTokens(reader);
+						readRefreshTokens(reader);
-				} else if (name.equals(SYSTEMSCOPES)) {
+					} else if (name.equals(SYSTEMSCOPES)) {
-					readSystemScopes(reader);
+						readSystemScopes(reader);
-				} else {
+					} else {
-					boolean processed = false;
+						boolean processed = false;
-					for (MITREidDataServiceExtension extension : extensions) {
+						for (MITREidDataServiceExtension extension : extensions) {
-						if (extension.supportsVersion(THIS_VERSION)) {							
+							if (extension.supportsVersion(THIS_VERSION)) {
-							processed = extension.importExtensionData(name, reader);
+								processed = extension.importExtensionData(name, reader);
-							if (processed) {
+								if (processed) {
-								// if the extension processed data, break out of this inner loop
+									// if the extension processed data, break out of this inner loop
-								// (only the first extension to claim an extension point gets it)
+									// (only the first extension to claim an extension point gets it)
-								break;
+									break;
+								}
 							}
 						}
+						if (!processed) {
+							// unknown token, skip it
+							reader.skipValue();
+						}
 					}
-					if (!processed) {
+					break;
-						// unknown token, skip it
+				case END_OBJECT:
-						reader.skipValue();
+					// the object ended, we're done here
-					}
+					reader.endObject();
-				}
+					continue;
-				break;
+				default:
-			case END_OBJECT:
+					logger.debug("Found unexpected entry");
-				// the object ended, we're done here
+					reader.skipValue();
-				reader.endObject();
+					continue;
-				continue;
-			default:
-				logger.debug("Found unexpected entry");
-				reader.skipValue();
-				continue;
 			}
 		}
 		fixObjectReferences();
@@ -649,37 +649,37 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
 			Long authHolderId = null;
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals(ID)) {
+						} else if (name.equals(ID)) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals(EXPIRATION)) {
+						} else if (name.equals(EXPIRATION)) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						token.setExpiration(date);
+							token.setExpiration(date);
-					} else if (name.equals(VALUE)) {
+						} else if (name.equals(VALUE)) {
-						String value = reader.nextString();
+							String value = reader.nextString();
-						try {
+							try {
-							token.setJwt(JWTParser.parse(value));
+								token.setJwt(JWTParser.parse(value));
-						} catch (ParseException ex) {
+							} catch (ParseException ex) {
-							logger.error("Unable to set refresh token value to {}", value, ex);
+								logger.error("Unable to set refresh token value to {}", value, ex);
+							}
+						} else if (name.equals(CLIENT_ID)) {
+							clientId = reader.nextString();
+						} else if (name.equals(AUTHENTICATION_HOLDER_ID)) {
+							authHolderId = reader.nextLong();
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-					} else if (name.equals(CLIENT_ID)) {
+						break;
-						clientId = reader.nextString();
+					default:
-					} else if (name.equals(AUTHENTICATION_HOLDER_ID)) {
-						authHolderId = reader.nextLong();
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -711,45 +711,45 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
 			Long refreshTokenId = null;
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals(ID)) {
+						} else if (name.equals(ID)) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals(EXPIRATION)) {
+						} else if (name.equals(EXPIRATION)) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						token.setExpiration(date);
+							token.setExpiration(date);
-					} else if (name.equals(VALUE)) {
+						} else if (name.equals(VALUE)) {
-						String value = reader.nextString();
+							String value = reader.nextString();
-						try {
+							try {
-							// all tokens are JWTs
+								// all tokens are JWTs
-							token.setJwt(JWTParser.parse(value));
+								token.setJwt(JWTParser.parse(value));
-						} catch (ParseException ex) {
+							} catch (ParseException ex) {
-							logger.error("Unable to set refresh token value to {}", value, ex);
+								logger.error("Unable to set refresh token value to {}", value, ex);
+							}
+						} else if (name.equals(CLIENT_ID)) {
+							clientId = reader.nextString();
+						} else if (name.equals(AUTHENTICATION_HOLDER_ID)) {
+							authHolderId = reader.nextLong();
+						} else if (name.equals(REFRESH_TOKEN_ID)) {
+							refreshTokenId = reader.nextLong();
+						} else if (name.equals(SCOPE)) {
+							Set<String> scope = readSet(reader);
+							token.setScope(scope);
+						} else if (name.equals(TYPE)) {
+							token.setTokenType(reader.nextString());
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-					} else if (name.equals(CLIENT_ID)) {
+						break;
-						clientId = reader.nextString();
+					default:
-					} else if (name.equals(AUTHENTICATION_HOLDER_ID)) {
-						authHolderId = reader.nextLong();
-					} else if (name.equals(REFRESH_TOKEN_ID)) {
-						refreshTokenId = reader.nextLong();
-					} else if (name.equals(SCOPE)) {
-						Set<String> scope = readSet(reader);
-						token.setScope(scope);
-					} else if (name.equals(TYPE)) {
-						token.setTokenType(reader.nextString());
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -777,49 +777,49 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
 			Long currentId = null;
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals(ID)) {
+						} else if (name.equals(ID)) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals(REQUEST_PARAMETERS)) {
+						} else if (name.equals(REQUEST_PARAMETERS)) {
-						ahe.setRequestParameters(readMap(reader));
+							ahe.setRequestParameters(readMap(reader));
-					} else if (name.equals(CLIENT_ID)) {
+						} else if (name.equals(CLIENT_ID)) {
-						ahe.setClientId(reader.nextString());
+							ahe.setClientId(reader.nextString());
-					} else if (name.equals(SCOPE)) {
+						} else if (name.equals(SCOPE)) {
-						ahe.setScope(readSet(reader));
+							ahe.setScope(readSet(reader));
-					} else if (name.equals(RESOURCE_IDS)) {
+						} else if (name.equals(RESOURCE_IDS)) {
-						ahe.setResourceIds(readSet(reader));
+							ahe.setResourceIds(readSet(reader));
-					} else if (name.equals(AUTHORITIES)) {
+						} else if (name.equals(AUTHORITIES)) {
-						Set<String> authorityStrs = readSet(reader);
+							Set<String> authorityStrs = readSet(reader);
-						Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
+							Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
-						for (String s : authorityStrs) {
+							for (String s : authorityStrs) {
-							GrantedAuthority ga = new SimpleGrantedAuthority(s);
+								GrantedAuthority ga = new SimpleGrantedAuthority(s);
-							authorities.add(ga);
+								authorities.add(ga);
+							}
+							ahe.setAuthorities(authorities);
+						} else if (name.equals(APPROVED)) {
+							ahe.setApproved(reader.nextBoolean());
+						} else if (name.equals(REDIRECT_URI)) {
+							ahe.setRedirectUri(reader.nextString());
+						} else if (name.equals(RESPONSE_TYPES)) {
+							ahe.setResponseTypes(readSet(reader));
+						} else if (name.equals(EXTENSIONS)) {
+							ahe.setExtensions(readMap(reader));
+						} else if (name.equals(SAVED_USER_AUTHENTICATION)) {
+							ahe.setUserAuth(readSavedUserAuthentication(reader));
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-						ahe.setAuthorities(authorities);
+						break;
-					} else if (name.equals(APPROVED)) {
+					default:
-						ahe.setApproved(reader.nextBoolean());
-					} else if (name.equals(REDIRECT_URI)) {
-						ahe.setRedirectUri(reader.nextString());
-					} else if (name.equals(RESPONSE_TYPES)) {
-						ahe.setResponseTypes(readSet(reader));
-					} else if (name.equals(EXTENSIONS)) {
-						ahe.setExtensions(readMap(reader));
-					} else if (name.equals(SAVED_USER_AUTHENTICATION)) {
-						ahe.setUserAuth(readSavedUserAuthentication(reader));
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -842,35 +842,35 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
 
 		while (reader.hasNext()) {
 			switch(reader.peek()) {
-			case END_OBJECT:
+				case END_OBJECT:
-				continue;
+					continue;
-			case NAME:
+				case NAME:
-				String name = reader.nextName();
+					String name = reader.nextName();
-				if (reader.peek() == JsonToken.NULL) {
+					if (reader.peek() == JsonToken.NULL) {
-					reader.skipValue();
+						reader.skipValue();
-				} else if (name.equals(NAME)) {
+					} else if (name.equals(NAME)) {
-					savedUserAuth.setName(reader.nextString());
+						savedUserAuth.setName(reader.nextString());
-				} else if (name.equals(SOURCE_CLASS)) {
+					} else if (name.equals(SOURCE_CLASS)) {
-					savedUserAuth.setSourceClass(reader.nextString());
+						savedUserAuth.setSourceClass(reader.nextString());
-				} else if (name.equals(AUTHENTICATED)) {
+					} else if (name.equals(AUTHENTICATED)) {
-					savedUserAuth.setAuthenticated(reader.nextBoolean());
+						savedUserAuth.setAuthenticated(reader.nextBoolean());
-				} else if (name.equals(AUTHORITIES)) {
+					} else if (name.equals(AUTHORITIES)) {
-					Set<String> authorityStrs = readSet(reader);
+						Set<String> authorityStrs = readSet(reader);
-					Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
+						Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
-					for (String s : authorityStrs) {
+						for (String s : authorityStrs) {
-						GrantedAuthority ga = new SimpleGrantedAuthority(s);
+							GrantedAuthority ga = new SimpleGrantedAuthority(s);
-						authorities.add(ga);
+							authorities.add(ga);
+						}
+						savedUserAuth.setAuthorities(authorities);
+					} else {
+						logger.debug("Found unexpected entry");
+						reader.skipValue();
 					}
-					savedUserAuth.setAuthorities(authorities);
+					break;
-				} else {
+				default:
 					logger.debug("Found unexpected entry");
 					reader.skipValue();
-				}
+					continue;
-				break;
-			default:
-				logger.debug("Found unexpected entry");
-				reader.skipValue();
-				continue;
 			}
 		}
 
@@ -891,41 +891,41 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals(ID)) {
+						} else if (name.equals(ID)) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals(ACCESS_DATE)) {
+						} else if (name.equals(ACCESS_DATE)) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						site.setAccessDate(date);
+							site.setAccessDate(date);
-					} else if (name.equals(CLIENT_ID)) {
+						} else if (name.equals(CLIENT_ID)) {
-						site.setClientId(reader.nextString());
+							site.setClientId(reader.nextString());
-					} else if (name.equals(CREATION_DATE)) {
+						} else if (name.equals(CREATION_DATE)) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						site.setCreationDate(date);
+							site.setCreationDate(date);
-					} else if (name.equals(TIMEOUT_DATE)) {
+						} else if (name.equals(TIMEOUT_DATE)) {
-						Date date = utcToDate(reader.nextString());
+							Date date = utcToDate(reader.nextString());
-						site.setTimeoutDate(date);
+							site.setTimeoutDate(date);
-					} else if (name.equals(USER_ID)) {
+						} else if (name.equals(USER_ID)) {
-						site.setUserId(reader.nextString());
+							site.setUserId(reader.nextString());
-					} else if (name.equals(ALLOWED_SCOPES)) {
+						} else if (name.equals(ALLOWED_SCOPES)) {
-						Set<String> allowedScopes = readSet(reader);
+							Set<String> allowedScopes = readSet(reader);
-						site.setAllowedScopes(allowedScopes);
+							site.setAllowedScopes(allowedScopes);
-					} else if (name.equals(APPROVED_ACCESS_TOKENS)) {
+						} else if (name.equals(APPROVED_ACCESS_TOKENS)) {
-						tokenIds = readSet(reader);
+							tokenIds = readSet(reader);
-					} else {
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -952,28 +952,28 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (name.equals(ID)) {
+						if (name.equals(ID)) {
-						currentId = reader.nextLong();
+							currentId = reader.nextLong();
-					} else if (name.equals(CLIENT_ID)) {
+						} else if (name.equals(CLIENT_ID)) {
-						wlSite.setClientId(reader.nextString());
+							wlSite.setClientId(reader.nextString());
-					} else if (name.equals(CREATOR_USER_ID)) {
+						} else if (name.equals(CREATOR_USER_ID)) {
-						wlSite.setCreatorUserId(reader.nextString());
+							wlSite.setCreatorUserId(reader.nextString());
-					} else if (name.equals(ALLOWED_SCOPES)) {
+						} else if (name.equals(ALLOWED_SCOPES)) {
-						Set<String> allowedScopes = readSet(reader);
+							Set<String> allowedScopes = readSet(reader);
-						wlSite.setAllowedScopes(allowedScopes);
+							wlSite.setAllowedScopes(allowedScopes);
-					} else {
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -995,23 +995,23 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (name.equals(ID)) {
+						if (name.equals(ID)) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals(URI)) {
+						} else if (name.equals(URI)) {
-						blSite.setUri(reader.nextString());
+							blSite.setUri(reader.nextString());
-					} else {
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -1032,152 +1032,152 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals(CLIENT_ID)) {
+						} else if (name.equals(CLIENT_ID)) {
-						client.setClientId(reader.nextString());
+							client.setClientId(reader.nextString());
-					} else if (name.equals(RESOURCE_IDS)) {
+						} else if (name.equals(RESOURCE_IDS)) {
-						Set<String> resourceIds = readSet(reader);
+							Set<String> resourceIds = readSet(reader);
-						client.setResourceIds(resourceIds);
+							client.setResourceIds(resourceIds);
-					} else if (name.equals(SECRET)) {
+						} else if (name.equals(SECRET)) {
-						client.setClientSecret(reader.nextString());
+							client.setClientSecret(reader.nextString());
-					} else if (name.equals(SCOPE)) {
+						} else if (name.equals(SCOPE)) {
-						Set<String> scope = readSet(reader);
+							Set<String> scope = readSet(reader);
-						client.setScope(scope);
+							client.setScope(scope);
-					} else if (name.equals(AUTHORITIES)) {
+						} else if (name.equals(AUTHORITIES)) {
-						Set<String> authorityStrs = readSet(reader);
+							Set<String> authorityStrs = readSet(reader);
-						Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
+							Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
-						for (String s : authorityStrs) {
+							for (String s : authorityStrs) {
-							GrantedAuthority ga = new SimpleGrantedAuthority(s);
+								GrantedAuthority ga = new SimpleGrantedAuthority(s);
-							authorities.add(ga);
+								authorities.add(ga);
+							}
+							client.setAuthorities(authorities);
+						} else if (name.equals(ACCESS_TOKEN_VALIDITY_SECONDS)) {
+							client.setAccessTokenValiditySeconds(reader.nextInt());
+						} else if (name.equals(REFRESH_TOKEN_VALIDITY_SECONDS)) {
+							client.setRefreshTokenValiditySeconds(reader.nextInt());
+						} else if (name.equals(ID_TOKEN_VALIDITY_SECONDS)) {
+							client.setIdTokenValiditySeconds(reader.nextInt());
+						} else if (name.equals(DEVICE_CODE_VALIDITY_SECONDS)) {
+							client.setDeviceCodeValiditySeconds(reader.nextInt());
+						} else if (name.equals(REDIRECT_URIS)) {
+							Set<String> redirectUris = readSet(reader);
+							client.setRedirectUris(redirectUris);
+						} else if (name.equals(CLAIMS_REDIRECT_URIS)) {
+							Set<String> claimsRedirectUris = readSet(reader);
+							client.setClaimsRedirectUris(claimsRedirectUris);
+						} else if (name.equals(NAME)) {
+							client.setClientName(reader.nextString());
+						} else if (name.equals(URI)) {
+							client.setClientUri(reader.nextString());
+						} else if (name.equals(LOGO_URI)) {
+							client.setLogoUri(reader.nextString());
+						} else if (name.equals(CONTACTS)) {
+							Set<String> contacts = readSet(reader);
+							client.setContacts(contacts);
+						} else if (name.equals(TOS_URI)) {
+							client.setTosUri(reader.nextString());
+						} else if (name.equals(TOKEN_ENDPOINT_AUTH_METHOD)) {
+							AuthMethod am = AuthMethod.getByValue(reader.nextString());
+							client.setTokenEndpointAuthMethod(am);
+						} else if (name.equals(GRANT_TYPES)) {
+							Set<String> grantTypes = readSet(reader);
+							client.setGrantTypes(grantTypes);
+						} else if (name.equals(RESPONSE_TYPES)) {
+							Set<String> responseTypes = readSet(reader);
+							client.setResponseTypes(responseTypes);
+						} else if (name.equals(POLICY_URI)) {
+							client.setPolicyUri(reader.nextString());
+						} else if (name.equals(APPLICATION_TYPE)) {
+							AppType appType = AppType.getByValue(reader.nextString());
+							client.setApplicationType(appType);
+						} else if (name.equals(SECTOR_IDENTIFIER_URI)) {
+							client.setSectorIdentifierUri(reader.nextString());
+						} else if (name.equals(SUBJECT_TYPE)) {
+							SubjectType st = SubjectType.getByValue(reader.nextString());
+							client.setSubjectType(st);
+						} else if (name.equals(JWKS_URI)) {
+							client.setJwksUri(reader.nextString());
+						} else if (name.equals(JWKS)) {
+							try {
+								client.setJwks(JWKSet.parse(reader.nextString()));
+							} catch (ParseException e) {
+								logger.error("Couldn't parse JWK Set", e);
+							}
+						} else if (name.equals(REQUEST_OBJECT_SIGNING_ALG)) {
+							JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+							client.setRequestObjectSigningAlg(alg);
+						} else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ALG)) {
+							JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
+							client.setUserInfoEncryptedResponseAlg(alg);
+						} else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ENC)) {
+							EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
+							client.setUserInfoEncryptedResponseEnc(alg);
+						} else if (name.equals(USER_INFO_SIGNED_RESPONSE_ALG)) {
+							JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+							client.setUserInfoSignedResponseAlg(alg);
+						} else if (name.equals(ID_TOKEN_SIGNED_RESPONSE_ALG)) {
+							JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+							client.setIdTokenSignedResponseAlg(alg);
+						} else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ALG)) {
+							JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
+							client.setIdTokenEncryptedResponseAlg(alg);
+						} else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ENC)) {
+							EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
+							client.setIdTokenEncryptedResponseEnc(alg);
+						} else if (name.equals(TOKEN_ENDPOINT_AUTH_SIGNING_ALG)) {
+							JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
+							client.setTokenEndpointAuthSigningAlg(alg);
+						} else if (name.equals(DEFAULT_MAX_AGE)) {
+							client.setDefaultMaxAge(reader.nextInt());
+						} else if (name.equals(REQUIRE_AUTH_TIME)) {
+							client.setRequireAuthTime(reader.nextBoolean());
+						} else if (name.equals(DEFAULT_ACR_VALUES)) {
+							Set<String> defaultACRvalues = readSet(reader);
+							client.setDefaultACRvalues(defaultACRvalues);
+						} else if (name.equals("initiateLoginUri")) {
+							client.setInitiateLoginUri(reader.nextString());
+						} else if (name.equals(POST_LOGOUT_REDIRECT_URI)) {
+							Set<String> postLogoutUris = readSet(reader);
+							client.setPostLogoutRedirectUris(postLogoutUris);
+						} else if (name.equals(REQUEST_URIS)) {
+							Set<String> requestUris = readSet(reader);
+							client.setRequestUris(requestUris);
+						} else if (name.equals(DESCRIPTION)) {
+							client.setClientDescription(reader.nextString());
+						} else if (name.equals(ALLOW_INTROSPECTION)) {
+							client.setAllowIntrospection(reader.nextBoolean());
+						} else if (name.equals(REUSE_REFRESH_TOKEN)) {
+							client.setReuseRefreshToken(reader.nextBoolean());
+						} else if (name.equals(CLEAR_ACCESS_TOKENS_ON_REFRESH)) {
+							client.setClearAccessTokensOnRefresh(reader.nextBoolean());
+						} else if (name.equals(DYNAMICALLY_REGISTERED)) {
+							client.setDynamicallyRegistered(reader.nextBoolean());
+						} else if (name.equals(CODE_CHALLENGE_METHOD)) {
+							client.setCodeChallengeMethod(PKCEAlgorithm.parse(reader.nextString()));
+						} else if (name.equals(SOFTWARE_ID)) {
+							client.setSoftwareId(reader.nextString());
+						} else if (name.equals(SOFTWARE_VERSION)) {
+							client.setSoftwareVersion(reader.nextString());
+						} else if (name.equals(SOFTWARE_STATEMENT)) {
+							try {
+								client.setSoftwareStatement(JWTParser.parse(reader.nextString()));
+							} catch (ParseException e) {
+								logger.error("Couldn't parse software statement", e);
+							}
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-						client.setAuthorities(authorities);
+						break;
-					} else if (name.equals(ACCESS_TOKEN_VALIDITY_SECONDS)) {
+					default:
-						client.setAccessTokenValiditySeconds(reader.nextInt());
-					} else if (name.equals(REFRESH_TOKEN_VALIDITY_SECONDS)) {
-						client.setRefreshTokenValiditySeconds(reader.nextInt());
-					} else if (name.equals(ID_TOKEN_VALIDITY_SECONDS)) {
-						client.setIdTokenValiditySeconds(reader.nextInt());
-					} else if (name.equals(DEVICE_CODE_VALIDITY_SECONDS)) {
-						client.setDeviceCodeValiditySeconds(reader.nextInt());
-					} else if (name.equals(REDIRECT_URIS)) {
-						Set<String> redirectUris = readSet(reader);
-						client.setRedirectUris(redirectUris);
-					} else if (name.equals(CLAIMS_REDIRECT_URIS)) {
-						Set<String> claimsRedirectUris = readSet(reader);
-						client.setClaimsRedirectUris(claimsRedirectUris);
-					} else if (name.equals(NAME)) {
-						client.setClientName(reader.nextString());
-					} else if (name.equals(URI)) {
-						client.setClientUri(reader.nextString());
-					} else if (name.equals(LOGO_URI)) {
-						client.setLogoUri(reader.nextString());
-					} else if (name.equals(CONTACTS)) {
-						Set<String> contacts = readSet(reader);
-						client.setContacts(contacts);
-					} else if (name.equals(TOS_URI)) {
-						client.setTosUri(reader.nextString());
-					} else if (name.equals(TOKEN_ENDPOINT_AUTH_METHOD)) {
-						AuthMethod am = AuthMethod.getByValue(reader.nextString());
-						client.setTokenEndpointAuthMethod(am);
-					} else if (name.equals(GRANT_TYPES)) {
-						Set<String> grantTypes = readSet(reader);
-						client.setGrantTypes(grantTypes);
-					} else if (name.equals(RESPONSE_TYPES)) {
-						Set<String> responseTypes = readSet(reader);
-						client.setResponseTypes(responseTypes);
-					} else if (name.equals(POLICY_URI)) {
-						client.setPolicyUri(reader.nextString());
-					} else if (name.equals(APPLICATION_TYPE)) {
-						AppType appType = AppType.getByValue(reader.nextString());
-						client.setApplicationType(appType);
-					} else if (name.equals(SECTOR_IDENTIFIER_URI)) {
-						client.setSectorIdentifierUri(reader.nextString());
-					} else if (name.equals(SUBJECT_TYPE)) {
-						SubjectType st = SubjectType.getByValue(reader.nextString());
-						client.setSubjectType(st);
-					} else if (name.equals(JWKS_URI)) {
-						client.setJwksUri(reader.nextString());
-					} else if (name.equals(JWKS)) {
-						try {
-							client.setJwks(JWKSet.parse(reader.nextString()));
-						} catch (ParseException e) {
-							logger.error("Couldn't parse JWK Set", e);
-						}
-					} else if (name.equals(REQUEST_OBJECT_SIGNING_ALG)) {
-						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setRequestObjectSigningAlg(alg);
-					} else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ALG)) {
-						JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
-						client.setUserInfoEncryptedResponseAlg(alg);
-					} else if (name.equals(USER_INFO_ENCRYPTED_RESPONSE_ENC)) {
-						EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
-						client.setUserInfoEncryptedResponseEnc(alg);
-					} else if (name.equals(USER_INFO_SIGNED_RESPONSE_ALG)) {
-						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setUserInfoSignedResponseAlg(alg);
-					} else if (name.equals(ID_TOKEN_SIGNED_RESPONSE_ALG)) {
-						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setIdTokenSignedResponseAlg(alg);
-					} else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ALG)) {
-						JWEAlgorithm alg = JWEAlgorithm.parse(reader.nextString());
-						client.setIdTokenEncryptedResponseAlg(alg);
-					} else if (name.equals(ID_TOKEN_ENCRYPTED_RESPONSE_ENC)) {
-						EncryptionMethod alg = EncryptionMethod.parse(reader.nextString());
-						client.setIdTokenEncryptedResponseEnc(alg);
-					} else if (name.equals(TOKEN_ENDPOINT_AUTH_SIGNING_ALG)) {
-						JWSAlgorithm alg = JWSAlgorithm.parse(reader.nextString());
-						client.setTokenEndpointAuthSigningAlg(alg);
-					} else if (name.equals(DEFAULT_MAX_AGE)) {
-						client.setDefaultMaxAge(reader.nextInt());
-					} else if (name.equals(REQUIRE_AUTH_TIME)) {
-						client.setRequireAuthTime(reader.nextBoolean());
-					} else if (name.equals(DEFAULT_ACR_VALUES)) {
-						Set<String> defaultACRvalues = readSet(reader);
-						client.setDefaultACRvalues(defaultACRvalues);
-					} else if (name.equals("initiateLoginUri")) {
-						client.setInitiateLoginUri(reader.nextString());
-					} else if (name.equals(POST_LOGOUT_REDIRECT_URI)) {
-						Set<String> postLogoutUris = readSet(reader);
-						client.setPostLogoutRedirectUris(postLogoutUris);
-					} else if (name.equals(REQUEST_URIS)) {
-						Set<String> requestUris = readSet(reader);
-						client.setRequestUris(requestUris);
-					} else if (name.equals(DESCRIPTION)) {
-						client.setClientDescription(reader.nextString());
-					} else if (name.equals(ALLOW_INTROSPECTION)) {
-						client.setAllowIntrospection(reader.nextBoolean());
-					} else if (name.equals(REUSE_REFRESH_TOKEN)) {
-						client.setReuseRefreshToken(reader.nextBoolean());
-					} else if (name.equals(CLEAR_ACCESS_TOKENS_ON_REFRESH)) {
-						client.setClearAccessTokensOnRefresh(reader.nextBoolean());
-					} else if (name.equals(DYNAMICALLY_REGISTERED)) {
-						client.setDynamicallyRegistered(reader.nextBoolean());
-					} else if (name.equals(CODE_CHALLENGE_METHOD)) {
-						client.setCodeChallengeMethod(PKCEAlgorithm.parse(reader.nextString()));
-					} else if (name.equals(SOFTWARE_ID)) {
-						client.setSoftwareId(reader.nextString());
-					} else if (name.equals(SOFTWARE_VERSION)) {
-						client.setSoftwareVersion(reader.nextString());
-					} else if (name.equals(SOFTWARE_STATEMENT)) {
-						try {
-							client.setSoftwareStatement(JWTParser.parse(reader.nextString()));
-						} catch (ParseException e) {
-							logger.error("Couldn't parse software statement", e);
-						}
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -1201,31 +1201,31 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
+							reader.skipValue();
+						} else if (name.equals(VALUE)) {
+							scope.setValue(reader.nextString());
+						} else if (name.equals(DESCRIPTION)) {
+							scope.setDescription(reader.nextString());
+						} else if (name.equals(RESTRICTED)) {
+							scope.setRestricted(reader.nextBoolean());
+						} else if (name.equals(DEFAULT_SCOPE)) {
+							scope.setDefaultScope(reader.nextBoolean());
+						} else if (name.equals(ICON)) {
+							scope.setIcon(reader.nextString());
+						} else {
+							logger.debug("found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
+						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					} else if (name.equals(VALUE)) {
+						continue;
-						scope.setValue(reader.nextString());
-					} else if (name.equals(DESCRIPTION)) {
-						scope.setDescription(reader.nextString());
-					} else if (name.equals(RESTRICTED)) {
-						scope.setRestricted(reader.nextBoolean());
-					} else if (name.equals(DEFAULT_SCOPE)) {
-						scope.setDefaultScope(reader.nextBoolean());
-					} else if (name.equals(ICON)) {
-						scope.setIcon(reader.nextString());
-					} else {
-						logger.debug("found unexpected entry");
-						reader.skipValue();
-					}
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -1304,7 +1304,7 @@ public class MITREidDataService_1_3 extends MITREidDataServiceSupport implements
 		refreshTokenOldToNewIdMap.clear();
 		accessTokenOldToNewIdMap.clear();
 		grantOldToNewIdMap.clear();
-		*/
+		 */
 		logger.info("Done fixing object references.");
 	}
 

openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java

@@ -20,15 +20,12 @@ import java.util.Date;
 import java.util.UUID;
 
 import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
-import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
-import org.mitre.jwt.signer.service.impl.SymmetricKeyJWTValidatorCacheService;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.oauth2.service.SystemScopeService;
 import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
 import org.mitre.openid.connect.model.UserInfo;
-import org.mitre.openid.connect.service.ApprovedSiteService;
 import org.mitre.openid.connect.service.OIDCTokenService;
 import org.mitre.openid.connect.service.UserInfoService;
 import org.slf4j.Logger;
@@ -66,22 +63,12 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 	@Autowired
 	private ClientDetailsEntityService clientService;
 
-	@Autowired
-	private ApprovedSiteService approvedSiteService;
-
 	@Autowired
 	private UserInfoService userInfoService;
 
 	@Autowired
 	private OIDCTokenService connectTokenService;
 
-	@Autowired
-	private JWKSetCacheService encryptors;
-
-	@Autowired
-	private SymmetricKeyJWTValidatorCacheService symmetricCacheService;
-
-
 	@Override
 	public OAuth2AccessToken enhance(OAuth2AccessToken accessToken,	OAuth2Authentication authentication) {
 

openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java

@@ -31,7 +31,6 @@ import java.util.Set;
 
 import javax.servlet.http.HttpSession;
 
-import org.mitre.oauth2.model.SystemScope;
 import org.mitre.oauth2.service.SystemScopeService;
 import org.mitre.openid.connect.model.ApprovedSite;
 import org.mitre.openid.connect.model.WhitelistedSite;

openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java

@@ -37,15 +37,11 @@ import org.springframework.web.servlet.view.AbstractView;
 import com.google.gson.ExclusionStrategy;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
-import com.google.gson.JsonDeserializationContext;
-import com.google.gson.JsonDeserializer;
 import com.google.gson.JsonElement;
-import com.google.gson.JsonParseException;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonPrimitive;
 import com.google.gson.JsonSerializationContext;
 import com.google.gson.JsonSerializer;
-import com.nimbusds.jose.Algorithm;
 import com.nimbusds.jose.EncryptionMethod;
 import com.nimbusds.jose.JWEAlgorithm;
 import com.nimbusds.jose.JWSAlgorithm;
@@ -71,70 +67,71 @@ public abstract class AbstractClientEntityView extends AbstractView {
 	private JsonParser parser = new JsonParser();
 
 	private Gson gson = new GsonBuilder()
-	.setExclusionStrategies(getExclusionStrategy())
+			.setExclusionStrategies(getExclusionStrategy())
-	.registerTypeAdapter(JWSAlgorithm.class, new JsonSerializer<JWSAlgorithm>() {
+			.registerTypeAdapter(JWSAlgorithm.class, new JsonSerializer<JWSAlgorithm>() {
-		@Override
+				@Override
-		public JsonElement serialize(JWSAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
+				public JsonElement serialize(JWSAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
-			if (src != null) {
+					if (src != null) {
-				return new JsonPrimitive(src.getName());
+						return new JsonPrimitive(src.getName());
-			} else {
+					} else {
-				return null;
+						return null;
-			}
+					}
-		}
+				}
-	})
+			})
-	.registerTypeAdapter(JWEAlgorithm.class, new JsonSerializer<JWEAlgorithm>() {
+			.registerTypeAdapter(JWEAlgorithm.class, new JsonSerializer<JWEAlgorithm>() {
-		@Override
+				@Override
-		public JsonElement serialize(JWEAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
+				public JsonElement serialize(JWEAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
-			if (src != null) {
+					if (src != null) {
-				return new JsonPrimitive(src.getName());
+						return new JsonPrimitive(src.getName());
-			} else {
+					} else {
-				return null;
+						return null;
-			}
+					}
-		}
+				}
-	})
+			})
-	.registerTypeAdapter(EncryptionMethod.class, new JsonSerializer<EncryptionMethod>() {
+			.registerTypeAdapter(EncryptionMethod.class, new JsonSerializer<EncryptionMethod>() {
-		@Override
+				@Override
-		public JsonElement serialize(EncryptionMethod src, Type typeOfSrc, JsonSerializationContext context) {
+				public JsonElement serialize(EncryptionMethod src, Type typeOfSrc, JsonSerializationContext context) {
-			if (src != null) {
+					if (src != null) {
-				return new JsonPrimitive(src.getName());
+						return new JsonPrimitive(src.getName());
-			} else {
+					} else {
-				return null;
+						return null;
-			}
+					}
-		}
+				}
-	})
+			})
-	.registerTypeAdapter(JWKSet.class, new JsonSerializer<JWKSet>() {
+			.registerTypeAdapter(JWKSet.class, new JsonSerializer<JWKSet>() {
-		@Override
+				@Override
-		public JsonElement serialize(JWKSet src, Type typeOfSrc, JsonSerializationContext context) {
+				public JsonElement serialize(JWKSet src, Type typeOfSrc, JsonSerializationContext context) {
-			if (src != null) {
+					if (src != null) {
-				return parser.parse(src.toString());
+						return parser.parse(src.toString());
-			} else {
+					} else {
-				return null;
+						return null;
-			}
+					}
-		}
+				}
-	})
+			})
-	.registerTypeAdapter(JWT.class, new JsonSerializer<JWT>() {
+			.registerTypeAdapter(JWT.class, new JsonSerializer<JWT>() {
-		@Override
+				@Override
-		public JsonElement serialize(JWT src, Type typeOfSrc, JsonSerializationContext context) {
+				public JsonElement serialize(JWT src, Type typeOfSrc, JsonSerializationContext context) {
-			if (src != null) {
+					if (src != null) {
-				return new JsonPrimitive(src.serialize());
+						return new JsonPrimitive(src.serialize());
-			} else {
+					} else {
-				return null;
+						return null;
-			}
+					}
-		}
+				}
 
-	})
+			})
-	.registerTypeAdapter(PKCEAlgorithm.class, new JsonSerializer<PKCEAlgorithm>() {
+			.registerTypeAdapter(PKCEAlgorithm.class, new JsonSerializer<PKCEAlgorithm>() {
-		public JsonPrimitive serialize(PKCEAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
+				@Override
-			if (src != null) {
+				public JsonPrimitive serialize(PKCEAlgorithm src, Type typeOfSrc, JsonSerializationContext context) {
-				return new JsonPrimitive(src.getName());
+					if (src != null) {
-			} else {
+						return new JsonPrimitive(src.getName());
-				return null;
+					} else {
-			}
+						return null;
-		}
+					}
-	})
+				}
-	.serializeNulls()
+			})
-	.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
+			.serializeNulls()
-	.create();
+			.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
+			.create();
 
 
 	/**

openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java

@@ -61,40 +61,40 @@ public class JsonApprovedSiteView extends AbstractView {
 	public static final String VIEWNAME = "jsonApprovedSiteView";
 
 	private Gson gson = new GsonBuilder()
-	.setExclusionStrategies(new ExclusionStrategy() {
+			.setExclusionStrategies(new ExclusionStrategy() {
 
-		@Override
+				@Override
-		public boolean shouldSkipField(FieldAttributes f) {
+				public boolean shouldSkipField(FieldAttributes f) {
 
-			return false;
+					return false;
-		}
+				}
 
-		@Override
+				@Override
-		public boolean shouldSkipClass(Class<?> clazz) {
+				public boolean shouldSkipClass(Class<?> clazz) {
-			// skip the JPA binding wrapper
+					// skip the JPA binding wrapper
-			if (clazz.equals(BeanPropertyBindingResult.class)) {
+					if (clazz.equals(BeanPropertyBindingResult.class)) {
-				return true;
+						return true;
-			}
+					}
-			return false;
+					return false;
-		}
+				}
 
-	})
+			})
-	.registerTypeAdapter(OAuth2AccessTokenEntity.class, new JsonSerializer<OAuth2AccessTokenEntity>() {
+			.registerTypeAdapter(OAuth2AccessTokenEntity.class, new JsonSerializer<OAuth2AccessTokenEntity>() {
-		@Override
+				@Override
-		public JsonElement serialize(OAuth2AccessTokenEntity src,
+				public JsonElement serialize(OAuth2AccessTokenEntity src,
-				Type typeOfSrc, JsonSerializationContext context) {
+						Type typeOfSrc, JsonSerializationContext context) {
-			return new JsonPrimitive(src.getId());
+					return new JsonPrimitive(src.getId());
-		}
+				}
-	})
+			})
-	.registerTypeAdapter(WhitelistedSite.class, new JsonSerializer<WhitelistedSite>() {
+			.registerTypeAdapter(WhitelistedSite.class, new JsonSerializer<WhitelistedSite>() {
-		@Override
+				@Override
-		public JsonElement serialize(WhitelistedSite src, Type typeOfSrc, JsonSerializationContext context) {
+				public JsonElement serialize(WhitelistedSite src, Type typeOfSrc, JsonSerializationContext context) {
-			return new JsonPrimitive(src.getId());
+					return new JsonPrimitive(src.getId());
-		}
+				}
-	})
+			})
-	.serializeNulls()
+			.serializeNulls()
-	.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
+			.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
-	.create();
+			.create();
 
 	@Override
 	protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {

openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java

@@ -56,27 +56,27 @@ public class JsonEntityView extends AbstractView {
 	public static final String VIEWNAME = "jsonEntityView";
 
 	private Gson gson = new GsonBuilder()
-	.setExclusionStrategies(new ExclusionStrategy() {
+			.setExclusionStrategies(new ExclusionStrategy() {
 
-		@Override
+				@Override
-		public boolean shouldSkipField(FieldAttributes f) {
+				public boolean shouldSkipField(FieldAttributes f) {
 
-			return false;
+					return false;
-		}
+				}
 
-		@Override
+				@Override
-		public boolean shouldSkipClass(Class<?> clazz) {
+				public boolean shouldSkipClass(Class<?> clazz) {
-			// skip the JPA binding wrapper
+					// skip the JPA binding wrapper
-			if (clazz.equals(BeanPropertyBindingResult.class)) {
+					if (clazz.equals(BeanPropertyBindingResult.class)) {
-				return true;
+						return true;
-			}
+					}
-			return false;
+					return false;
-		}
+				}
 
-	})
+			})
-	.serializeNulls()
+			.serializeNulls()
-	.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
+			.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
-	.create();
+			.create();
 
 	@Override
 	protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {

openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java

@@ -63,27 +63,27 @@ public class JsonErrorView extends AbstractView {
 	public static final String VIEWNAME = "jsonErrorView";
 
 	private Gson gson = new GsonBuilder()
-	.setExclusionStrategies(new ExclusionStrategy() {
+			.setExclusionStrategies(new ExclusionStrategy() {
 
-		@Override
+				@Override
-		public boolean shouldSkipField(FieldAttributes f) {
+				public boolean shouldSkipField(FieldAttributes f) {
 
-			return false;
+					return false;
-		}
+				}
 
-		@Override
+				@Override
-		public boolean shouldSkipClass(Class<?> clazz) {
+				public boolean shouldSkipClass(Class<?> clazz) {
-			// skip the JPA binding wrapper
+					// skip the JPA binding wrapper
-			if (clazz.equals(BeanPropertyBindingResult.class)) {
+					if (clazz.equals(BeanPropertyBindingResult.class)) {
-				return true;
+						return true;
-			}
+					}
-			return false;
+					return false;
-		}
+				}
 
-	})
+			})
-	.serializeNulls()
+			.serializeNulls()
-	.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
+			.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
-	.create();
+			.create();
 
 	@Override
 	protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {

openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java

@@ -99,11 +99,11 @@ public class UserInfoJWTView extends UserInfoView {
 			response.setContentType(JOSE_MEDIA_TYPE_VALUE);
 
 			JWTClaimsSet claims = new JWTClaimsSet.Builder(JWTClaimsSet.parse(writer.toString()))
-				.audience(Lists.newArrayList(client.getClientId()))
+					.audience(Lists.newArrayList(client.getClientId()))
-				.issuer(config.getIssuer())
+					.issuer(config.getIssuer())
-				.issueTime(new Date())
+					.issueTime(new Date())
-				.jwtID(UUID.randomUUID().toString()) // set a random NONCE in the middle of it
+					.jwtID(UUID.randomUUID().toString()) // set a random NONCE in the middle of it
-				.build();
+					.build();
 
 
 			if (client.getUserInfoEncryptedResponseAlg() != null && !client.getUserInfoEncryptedResponseAlg().equals(Algorithm.NONE)

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java

@@ -22,7 +22,6 @@ package org.mitre.openid.connect.web;
 import java.security.Principal;
 import java.util.Collection;
 
-import org.mitre.oauth2.service.OAuth2TokenEntityService;
 import org.mitre.openid.connect.model.ApprovedSite;
 import org.mitre.openid.connect.service.ApprovedSiteService;
 import org.mitre.openid.connect.view.HttpCodeView;
@@ -55,9 +54,6 @@ public class ApprovedSiteAPI {
 	@Autowired
 	private ApprovedSiteService approvedSiteService;
 
-	@Autowired
-	private OAuth2TokenEntityService tokenServices;
-
 	/**
 	 * Logger for this class
 	 */

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java

@@ -142,76 +142,77 @@ public class ClientAPI {
 	private JsonParser parser = new JsonParser();
 
 	private Gson gson = new GsonBuilder()
-	.serializeNulls()
+			.serializeNulls()
-	.registerTypeAdapter(JWSAlgorithm.class, new JsonDeserializer<Algorithm>() {
+			.registerTypeAdapter(JWSAlgorithm.class, new JsonDeserializer<Algorithm>() {
-		@Override
+				@Override
-		public JWSAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
+				public JWSAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
-			if (json.isJsonPrimitive()) {
+					if (json.isJsonPrimitive()) {
-				return JWSAlgorithm.parse(json.getAsString());
+						return JWSAlgorithm.parse(json.getAsString());
-			} else {
+					} else {
-				return null;
+						return null;
-			}
+					}
-		}
-	})
-	.registerTypeAdapter(JWEAlgorithm.class, new JsonDeserializer<Algorithm>() {
-		@Override
-		public JWEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
-			if (json.isJsonPrimitive()) {
-				return JWEAlgorithm.parse(json.getAsString());
-			} else {
-				return null;
-			}
-		}
-	})
-	.registerTypeAdapter(EncryptionMethod.class, new JsonDeserializer<Algorithm>() {
-		@Override
-		public EncryptionMethod deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
-			if (json.isJsonPrimitive()) {
-				return EncryptionMethod.parse(json.getAsString());
-			} else {
-				return null;
-			}
-		}
-	})
-	.registerTypeAdapter(JWKSet.class, new JsonDeserializer<JWKSet>() {
-		@Override
-		public JWKSet deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
-			if (json.isJsonObject()) {
-				try {
-					return JWKSet.parse(json.toString());
-				} catch (ParseException e) {
-					return null;
 				}
-			} else {
+			})
-				return null;
+			.registerTypeAdapter(JWEAlgorithm.class, new JsonDeserializer<Algorithm>() {
-			}
+				@Override
-		}
+				public JWEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
-	})
+					if (json.isJsonPrimitive()) {
-	.registerTypeAdapter(JWT.class, new JsonDeserializer<JWT>() {
+						return JWEAlgorithm.parse(json.getAsString());
-		@Override
+					} else {
-		public JWT deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
+						return null;
-			if (json.isJsonPrimitive()) {
+					}
-				try {
-					return JWTParser.parse(json.getAsString());
-				} catch (ParseException e) {
-					return null;
 				}
-			} else {
+			})
-				return null;
+			.registerTypeAdapter(EncryptionMethod.class, new JsonDeserializer<Algorithm>() {
-			}
+				@Override
-		}
+				public EncryptionMethod deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
-	})
+					if (json.isJsonPrimitive()) {
-	.registerTypeAdapter(PKCEAlgorithm.class, new JsonDeserializer<Algorithm>() {
+						return EncryptionMethod.parse(json.getAsString());
-		public PKCEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
+					} else {
-			if (json.isJsonPrimitive()) {
+						return null;
-				return PKCEAlgorithm.parse(json.getAsString());
+					}
-			} else {
+				}
-				return null;
+			})
-			}
+			.registerTypeAdapter(JWKSet.class, new JsonDeserializer<JWKSet>() {
-		}
+				@Override
-	})
+				public JWKSet deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
-	.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
+					if (json.isJsonObject()) {
-	.create();
+						try {
+							return JWKSet.parse(json.toString());
+						} catch (ParseException e) {
+							return null;
+						}
+					} else {
+						return null;
+					}
+				}
+			})
+			.registerTypeAdapter(JWT.class, new JsonDeserializer<JWT>() {
+				@Override
+				public JWT deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
+					if (json.isJsonPrimitive()) {
+						try {
+							return JWTParser.parse(json.getAsString());
+						} catch (ParseException e) {
+							return null;
+						}
+					} else {
+						return null;
+					}
+				}
+			})
+			.registerTypeAdapter(PKCEAlgorithm.class, new JsonDeserializer<Algorithm>() {
+				@Override
+				public PKCEAlgorithm deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) throws JsonParseException {
+					if (json.isJsonPrimitive()) {
+						return PKCEAlgorithm.parse(json.getAsString());
+					} else {
+						return null;
+					}
+				}
+			})
+			.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
+			.create();
 
 	/**
 	 * Logger for this class
@@ -508,37 +509,37 @@ public class ClientAPI {
 	 * Get the logo image for a client
 	 * @param id
 	 */
-	 @RequestMapping(value = "/{id}/logo", method=RequestMethod.GET, produces = { MediaType.IMAGE_GIF_VALUE, MediaType.IMAGE_JPEG_VALUE, MediaType.IMAGE_PNG_VALUE })
+	@RequestMapping(value = "/{id}/logo", method=RequestMethod.GET, produces = { MediaType.IMAGE_GIF_VALUE, MediaType.IMAGE_JPEG_VALUE, MediaType.IMAGE_PNG_VALUE })
-	 public ResponseEntity<byte[]> getClientLogo(@PathVariable("id") Long id, Model model) {
+	public ResponseEntity<byte[]> getClientLogo(@PathVariable("id") Long id, Model model) {
 
-			ClientDetailsEntity client = clientService.getClientById(id);
+		ClientDetailsEntity client = clientService.getClientById(id);
 
-			if (client == null) {
+		if (client == null) {
-				return new ResponseEntity<>(HttpStatus.NOT_FOUND);
+			return new ResponseEntity<>(HttpStatus.NOT_FOUND);
-			} else if (Strings.isNullOrEmpty(client.getLogoUri())) {
+		} else if (Strings.isNullOrEmpty(client.getLogoUri())) {
-				return new ResponseEntity<>(HttpStatus.NOT_FOUND);
+			return new ResponseEntity<>(HttpStatus.NOT_FOUND);
-			} else {
+		} else {
-				// get the image from cache
+			// get the image from cache
-				CachedImage image = clientLogoLoadingService.getLogo(client);
+			CachedImage image = clientLogoLoadingService.getLogo(client);
 
-				HttpHeaders headers = new HttpHeaders();
+			HttpHeaders headers = new HttpHeaders();
-				headers.setContentType(MediaType.parseMediaType(image.getContentType()));
+			headers.setContentType(MediaType.parseMediaType(image.getContentType()));
-				headers.setContentLength(image.getLength());
+			headers.setContentLength(image.getLength());
 
-				return new ResponseEntity<>(image.getData(), headers, HttpStatus.OK);
+			return new ResponseEntity<>(image.getData(), headers, HttpStatus.OK);
-			}
+		}
-	 }
+	}
 
-		private ClientDetailsEntity validateSoftwareStatement(ClientDetailsEntity newClient) throws ValidationException {
+	private ClientDetailsEntity validateSoftwareStatement(ClientDetailsEntity newClient) throws ValidationException {
-			if (newClient.getSoftwareStatement() != null) {
+		if (newClient.getSoftwareStatement() != null) {
-				if (assertionValidator.isValid(newClient.getSoftwareStatement())) {
+			if (assertionValidator.isValid(newClient.getSoftwareStatement())) {
-					// we have a software statement and its envelope passed all the checks from our validator
+				// we have a software statement and its envelope passed all the checks from our validator
 
-					// swap out all of the client's fields for the associated parts of the software statement
+				// swap out all of the client's fields for the associated parts of the software statement
-					try {
+				try {
-						JWTClaimsSet claimSet = newClient.getSoftwareStatement().getJWTClaimsSet();
+					JWTClaimsSet claimSet = newClient.getSoftwareStatement().getJWTClaimsSet();
-						for (String claim : claimSet.getClaims().keySet()) {
+					for (String claim : claimSet.getClaims().keySet()) {
-							switch (claim) {
+						switch (claim) {
 							case SOFTWARE_STATEMENT:
 								throw new ValidationException("invalid_client_metadata", "Software statement can't include another software statement", HttpStatus.BAD_REQUEST);
 							case CLAIMS_REDIRECT_URIS:
@@ -650,21 +651,21 @@ public class ClientAPI {
 							default:
 								logger.warn("Software statement contained unknown field: " + claim + " with value " + claimSet.getClaim(claim));
 								break;
-							}
 						}
-						
-						return newClient;
-					} catch (ParseException e) {
-						throw new ValidationException("invalid_client_metadata", "Software statement claims didn't parse", HttpStatus.BAD_REQUEST);
 					}
-				} else {
+
-					throw new ValidationException("invalid_client_metadata", "Software statement rejected by validator", HttpStatus.BAD_REQUEST);
+					return newClient;
+				} catch (ParseException e) {
+					throw new ValidationException("invalid_client_metadata", "Software statement claims didn't parse", HttpStatus.BAD_REQUEST);
 				}
 			} else {
-				// nothing to see here, carry on
+				throw new ValidationException("invalid_client_metadata", "Software statement rejected by validator", HttpStatus.BAD_REQUEST);
-				return newClient;
 			}
-		
+		} else {
+			// nothing to see here, carry on
+			return newClient;
 		}
 
+	}
+
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java

@@ -27,9 +27,6 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
 import org.mitre.openid.connect.service.MITREidDataService;
-import org.mitre.openid.connect.service.impl.MITREidDataService_1_0;
-import org.mitre.openid.connect.service.impl.MITREidDataService_1_1;
-import org.mitre.openid.connect.service.impl.MITREidDataService_1_2;
 import org.mitre.openid.connect.service.impl.MITREidDataService_1_3;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -74,10 +71,10 @@ public class DataAPI {
 	private List<MITREidDataService> importers;
 
 	private List<String> supportedVersions = ImmutableList.of(
-		MITREidDataService.MITREID_CONNECT_1_0, 
+			MITREidDataService.MITREID_CONNECT_1_0,
-		MITREidDataService.MITREID_CONNECT_1_1, 
+			MITREidDataService.MITREID_CONNECT_1_1,
-		MITREidDataService.MITREID_CONNECT_1_2,
+			MITREidDataService.MITREID_CONNECT_1_2,
-		MITREidDataService.MITREID_CONNECT_1_3);
+			MITREidDataService.MITREID_CONNECT_1_3);
 
 	@Autowired
 	private MITREidDataService_1_3 exporter;
@@ -92,28 +89,28 @@ public class DataAPI {
 		while (reader.hasNext()) {
 			JsonToken tok = reader.peek();
 			switch (tok) {
-			case NAME:
+				case NAME:
-				String name = reader.nextName();
+					String name = reader.nextName();
 
-				if (supportedVersions.contains(name)) {
+					if (supportedVersions.contains(name)) {
-					// we're working with a known data version tag
+						// we're working with a known data version tag
-					for (MITREidDataService dataService : importers) {
+						for (MITREidDataService dataService : importers) {
-						// dispatch to the correct service
+							// dispatch to the correct service
-						if (dataService.supportsVersion(name)) {
+							if (dataService.supportsVersion(name)) {
-							dataService.importData(reader);
+								dataService.importData(reader);
-							break;
+								break;
+							}
 						}
+					} else {
+						// consume the next bit silently for now
+						logger.debug("Skipping value for " + name); // TODO: write these out?
+						reader.skipValue();
 					}
-				} else {
+					break;
-					// consume the next bit silently for now
+				case END_OBJECT:
-					logger.debug("Skipping value for " + name); // TODO: write these out?
+					break;
-					reader.skipValue();
+				case END_DOCUMENT:
-				}
+					break;
-				break;
-			case END_OBJECT:
-				break;
-			case END_DOCUMENT:
-				break;
 			}
 		}
 

openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java

@@ -16,8 +16,6 @@
  *******************************************************************************/
 package org.mitre.openid.connect.web;
 
-import static org.mitre.oauth2.model.RegisteredClientFields.*;
-
 import java.io.UnsupportedEncodingException;
 import java.text.ParseException;
 import java.util.Date;
@@ -26,7 +24,6 @@ import java.util.Set;
 import java.util.concurrent.TimeUnit;
 
 import org.mitre.jwt.assertion.AssertionValidator;
-import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AppType;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
@@ -73,6 +70,45 @@ import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jwt.JWTClaimsSet;
 
+import static org.mitre.oauth2.model.RegisteredClientFields.APPLICATION_TYPE;
+import static org.mitre.oauth2.model.RegisteredClientFields.CLAIMS_REDIRECT_URIS;
+import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_ID;
+import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_ID_ISSUED_AT;
+import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_NAME;
+import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_SECRET;
+import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_SECRET_EXPIRES_AT;
+import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_URI;
+import static org.mitre.oauth2.model.RegisteredClientFields.CONTACTS;
+import static org.mitre.oauth2.model.RegisteredClientFields.DEFAULT_ACR_VALUES;
+import static org.mitre.oauth2.model.RegisteredClientFields.DEFAULT_MAX_AGE;
+import static org.mitre.oauth2.model.RegisteredClientFields.GRANT_TYPES;
+import static org.mitre.oauth2.model.RegisteredClientFields.ID_TOKEN_ENCRYPTED_RESPONSE_ALG;
+import static org.mitre.oauth2.model.RegisteredClientFields.ID_TOKEN_ENCRYPTED_RESPONSE_ENC;
+import static org.mitre.oauth2.model.RegisteredClientFields.ID_TOKEN_SIGNED_RESPONSE_ALG;
+import static org.mitre.oauth2.model.RegisteredClientFields.INITIATE_LOGIN_URI;
+import static org.mitre.oauth2.model.RegisteredClientFields.JWKS;
+import static org.mitre.oauth2.model.RegisteredClientFields.JWKS_URI;
+import static org.mitre.oauth2.model.RegisteredClientFields.LOGO_URI;
+import static org.mitre.oauth2.model.RegisteredClientFields.POLICY_URI;
+import static org.mitre.oauth2.model.RegisteredClientFields.POST_LOGOUT_REDIRECT_URIS;
+import static org.mitre.oauth2.model.RegisteredClientFields.REDIRECT_URIS;
+import static org.mitre.oauth2.model.RegisteredClientFields.REGISTRATION_ACCESS_TOKEN;
+import static org.mitre.oauth2.model.RegisteredClientFields.REGISTRATION_CLIENT_URI;
+import static org.mitre.oauth2.model.RegisteredClientFields.REQUEST_OBJECT_SIGNING_ALG;
+import static org.mitre.oauth2.model.RegisteredClientFields.REQUEST_URIS;
+import static org.mitre.oauth2.model.RegisteredClientFields.REQUIRE_AUTH_TIME;
+import static org.mitre.oauth2.model.RegisteredClientFields.RESPONSE_TYPES;
+import static org.mitre.oauth2.model.RegisteredClientFields.SCOPE;
+import static org.mitre.oauth2.model.RegisteredClientFields.SECTOR_IDENTIFIER_URI;
+import static org.mitre.oauth2.model.RegisteredClientFields.SOFTWARE_STATEMENT;
+import static org.mitre.oauth2.model.RegisteredClientFields.SUBJECT_TYPE;
+import static org.mitre.oauth2.model.RegisteredClientFields.TOKEN_ENDPOINT_AUTH_METHOD;
+import static org.mitre.oauth2.model.RegisteredClientFields.TOKEN_ENDPOINT_AUTH_SIGNING_ALG;
+import static org.mitre.oauth2.model.RegisteredClientFields.TOS_URI;
+import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_ENCRYPTED_RESPONSE_ALG;
+import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_ENCRYPTED_RESPONSE_ENC;
+import static org.mitre.oauth2.model.RegisteredClientFields.USERINFO_SIGNED_RESPONSE_ALG;
+
 @Controller
 @RequestMapping(value = DynamicClientRegistrationEndpoint.URL)
 public class DynamicClientRegistrationEndpoint {
@@ -85,9 +121,6 @@ public class DynamicClientRegistrationEndpoint {
 	@Autowired
 	private OAuth2TokenEntityService tokenService;
 
-	@Autowired
-	private JWTSigningAndValidationService jwtService;
-
 	@Autowired
 	private SystemScopeService scopeService;
 
@@ -587,117 +620,117 @@ public class DynamicClientRegistrationEndpoint {
 					JWTClaimsSet claimSet = newClient.getSoftwareStatement().getJWTClaimsSet();
 					for (String claim : claimSet.getClaims().keySet()) {
 						switch (claim) {
-						case SOFTWARE_STATEMENT:
+							case SOFTWARE_STATEMENT:
-							throw new ValidationException("invalid_client_metadata", "Software statement can't include another software statement", HttpStatus.BAD_REQUEST);
+								throw new ValidationException("invalid_client_metadata", "Software statement can't include another software statement", HttpStatus.BAD_REQUEST);
-						case CLAIMS_REDIRECT_URIS:
+							case CLAIMS_REDIRECT_URIS:
-							newClient.setClaimsRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim)));
+								newClient.setClaimsRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim)));
-							break;
+								break;
-						case CLIENT_SECRET_EXPIRES_AT:
+							case CLIENT_SECRET_EXPIRES_AT:
-							throw new ValidationException("invalid_client_metadata", "Software statement can't include a client secret expiration time", HttpStatus.BAD_REQUEST);
+								throw new ValidationException("invalid_client_metadata", "Software statement can't include a client secret expiration time", HttpStatus.BAD_REQUEST);
-						case CLIENT_ID_ISSUED_AT:
+							case CLIENT_ID_ISSUED_AT:
-							throw new ValidationException("invalid_client_metadata", "Software statement can't include a client ID issuance time", HttpStatus.BAD_REQUEST);
+								throw new ValidationException("invalid_client_metadata", "Software statement can't include a client ID issuance time", HttpStatus.BAD_REQUEST);
-						case REGISTRATION_CLIENT_URI:
+							case REGISTRATION_CLIENT_URI:
-							throw new ValidationException("invalid_client_metadata", "Software statement can't include a client configuration endpoint", HttpStatus.BAD_REQUEST);
+								throw new ValidationException("invalid_client_metadata", "Software statement can't include a client configuration endpoint", HttpStatus.BAD_REQUEST);
-						case REGISTRATION_ACCESS_TOKEN:
+							case REGISTRATION_ACCESS_TOKEN:
-							throw new ValidationException("invalid_client_metadata", "Software statement can't include a client registration access token", HttpStatus.BAD_REQUEST);
+								throw new ValidationException("invalid_client_metadata", "Software statement can't include a client registration access token", HttpStatus.BAD_REQUEST);
-						case REQUEST_URIS:
+							case REQUEST_URIS:
-							newClient.setRequestUris(Sets.newHashSet(claimSet.getStringListClaim(claim)));
+								newClient.setRequestUris(Sets.newHashSet(claimSet.getStringListClaim(claim)));
-							break;
+								break;
-						case POST_LOGOUT_REDIRECT_URIS:
+							case POST_LOGOUT_REDIRECT_URIS:
-							newClient.setPostLogoutRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim)));
+								newClient.setPostLogoutRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim)));
-							break;
+								break;
-						case INITIATE_LOGIN_URI:
+							case INITIATE_LOGIN_URI:
-							newClient.setInitiateLoginUri(claimSet.getStringClaim(claim));
+								newClient.setInitiateLoginUri(claimSet.getStringClaim(claim));
-							break;
+								break;
-						case DEFAULT_ACR_VALUES:
+							case DEFAULT_ACR_VALUES:
-							newClient.setDefaultACRvalues(Sets.newHashSet(claimSet.getStringListClaim(claim)));
+								newClient.setDefaultACRvalues(Sets.newHashSet(claimSet.getStringListClaim(claim)));
-							break;
+								break;
-						case REQUIRE_AUTH_TIME:
+							case REQUIRE_AUTH_TIME:
-							newClient.setRequireAuthTime(claimSet.getBooleanClaim(claim));
+								newClient.setRequireAuthTime(claimSet.getBooleanClaim(claim));
-							break;
+								break;
-						case DEFAULT_MAX_AGE:
+							case DEFAULT_MAX_AGE:
-							newClient.setDefaultMaxAge(claimSet.getIntegerClaim(claim));
+								newClient.setDefaultMaxAge(claimSet.getIntegerClaim(claim));
-							break;
+								break;
-						case TOKEN_ENDPOINT_AUTH_SIGNING_ALG:
+							case TOKEN_ENDPOINT_AUTH_SIGNING_ALG:
-							newClient.setTokenEndpointAuthSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim)));
+								newClient.setTokenEndpointAuthSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim)));
-							break;
+								break;
-						case ID_TOKEN_ENCRYPTED_RESPONSE_ENC:
+							case ID_TOKEN_ENCRYPTED_RESPONSE_ENC:
-							newClient.setIdTokenEncryptedResponseEnc(EncryptionMethod.parse(claimSet.getStringClaim(claim)));
+								newClient.setIdTokenEncryptedResponseEnc(EncryptionMethod.parse(claimSet.getStringClaim(claim)));
-							break;
+								break;
-						case ID_TOKEN_ENCRYPTED_RESPONSE_ALG:
+							case ID_TOKEN_ENCRYPTED_RESPONSE_ALG:
-							newClient.setIdTokenEncryptedResponseAlg(JWEAlgorithm.parse(claimSet.getStringClaim(claim)));
+								newClient.setIdTokenEncryptedResponseAlg(JWEAlgorithm.parse(claimSet.getStringClaim(claim)));
-							break;
+								break;
-						case ID_TOKEN_SIGNED_RESPONSE_ALG:
+							case ID_TOKEN_SIGNED_RESPONSE_ALG:
-							newClient.setIdTokenSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim)));
+								newClient.setIdTokenSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim)));
-							break;
+								break;
-						case USERINFO_ENCRYPTED_RESPONSE_ENC:
+							case USERINFO_ENCRYPTED_RESPONSE_ENC:
-							newClient.setUserInfoEncryptedResponseEnc(EncryptionMethod.parse(claimSet.getStringClaim(claim)));
+								newClient.setUserInfoEncryptedResponseEnc(EncryptionMethod.parse(claimSet.getStringClaim(claim)));
-							break;
+								break;
-						case USERINFO_ENCRYPTED_RESPONSE_ALG:
+							case USERINFO_ENCRYPTED_RESPONSE_ALG:
-							newClient.setUserInfoEncryptedResponseAlg(JWEAlgorithm.parse(claimSet.getStringClaim(claim)));
+								newClient.setUserInfoEncryptedResponseAlg(JWEAlgorithm.parse(claimSet.getStringClaim(claim)));
-							break;
+								break;
-						case USERINFO_SIGNED_RESPONSE_ALG:
+							case USERINFO_SIGNED_RESPONSE_ALG:
-							newClient.setUserInfoSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim)));
+								newClient.setUserInfoSignedResponseAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim)));
-							break;
+								break;
-						case REQUEST_OBJECT_SIGNING_ALG:
+							case REQUEST_OBJECT_SIGNING_ALG:
-							newClient.setRequestObjectSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim)));
+								newClient.setRequestObjectSigningAlg(JWSAlgorithm.parse(claimSet.getStringClaim(claim)));
-							break;
+								break;
-						case SUBJECT_TYPE:
+							case SUBJECT_TYPE:
-							newClient.setSubjectType(SubjectType.getByValue(claimSet.getStringClaim(claim)));
+								newClient.setSubjectType(SubjectType.getByValue(claimSet.getStringClaim(claim)));
-							break;
+								break;
-						case SECTOR_IDENTIFIER_URI:
+							case SECTOR_IDENTIFIER_URI:
-							newClient.setSectorIdentifierUri(claimSet.getStringClaim(claim));
+								newClient.setSectorIdentifierUri(claimSet.getStringClaim(claim));
-							break;
+								break;
-						case APPLICATION_TYPE:
+							case APPLICATION_TYPE:
-							newClient.setApplicationType(AppType.getByValue(claimSet.getStringClaim(claim)));
+								newClient.setApplicationType(AppType.getByValue(claimSet.getStringClaim(claim)));
-							break;
+								break;
-						case JWKS_URI:
+							case JWKS_URI:
-							newClient.setJwksUri(claimSet.getStringClaim(claim));
+								newClient.setJwksUri(claimSet.getStringClaim(claim));
-							break;
+								break;
-						case JWKS:
+							case JWKS:
-							newClient.setJwks(JWKSet.parse(claimSet.getStringClaim(claim)));
+								newClient.setJwks(JWKSet.parse(claimSet.getStringClaim(claim)));
-							break;
+								break;
-						case POLICY_URI:
+							case POLICY_URI:
-							newClient.setPolicyUri(claimSet.getStringClaim(claim));							
+								newClient.setPolicyUri(claimSet.getStringClaim(claim));
-							break;
+								break;
-						case RESPONSE_TYPES:
+							case RESPONSE_TYPES:
-							newClient.setResponseTypes(Sets.newHashSet(claimSet.getStringListClaim(claim)));
+								newClient.setResponseTypes(Sets.newHashSet(claimSet.getStringListClaim(claim)));
-							break;
+								break;
-						case GRANT_TYPES:
+							case GRANT_TYPES:
-							newClient.setGrantTypes(Sets.newHashSet(claimSet.getStringListClaim(claim)));
+								newClient.setGrantTypes(Sets.newHashSet(claimSet.getStringListClaim(claim)));
-							break;
+								break;
-						case SCOPE:
+							case SCOPE:
-							newClient.setScope(OAuth2Utils.parseParameterList(claimSet.getStringClaim(claim)));
+								newClient.setScope(OAuth2Utils.parseParameterList(claimSet.getStringClaim(claim)));
-							break;
+								break;
-						case TOKEN_ENDPOINT_AUTH_METHOD:
+							case TOKEN_ENDPOINT_AUTH_METHOD:
-							newClient.setTokenEndpointAuthMethod(AuthMethod.getByValue(claimSet.getStringClaim(claim)));
+								newClient.setTokenEndpointAuthMethod(AuthMethod.getByValue(claimSet.getStringClaim(claim)));
-							break;
+								break;
-						case TOS_URI:
+							case TOS_URI:
-							newClient.setTosUri(claimSet.getStringClaim(claim));
+								newClient.setTosUri(claimSet.getStringClaim(claim));
-							break;
+								break;
-						case CONTACTS:
+							case CONTACTS:
-							newClient.setContacts(Sets.newHashSet(claimSet.getStringListClaim(claim)));
+								newClient.setContacts(Sets.newHashSet(claimSet.getStringListClaim(claim)));
-							break;
+								break;
-						case LOGO_URI:
+							case LOGO_URI:
-							newClient.setLogoUri(claimSet.getStringClaim(claim));
+								newClient.setLogoUri(claimSet.getStringClaim(claim));
-							break;
+								break;
-						case CLIENT_URI:
+							case CLIENT_URI:
-							newClient.setClientUri(claimSet.getStringClaim(claim));
+								newClient.setClientUri(claimSet.getStringClaim(claim));
-							break;
+								break;
-						case CLIENT_NAME:
+							case CLIENT_NAME:
-							newClient.setClientName(claimSet.getStringClaim(claim));
+								newClient.setClientName(claimSet.getStringClaim(claim));
-							break;
+								break;
-						case REDIRECT_URIS:
+							case REDIRECT_URIS:
-							newClient.setRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim)));
+								newClient.setRedirectUris(Sets.newHashSet(claimSet.getStringListClaim(claim)));
-							break;
+								break;
-						case CLIENT_SECRET:
+							case CLIENT_SECRET:
-							throw new ValidationException("invalid_client_metadata", "Software statement can't contain client secret", HttpStatus.BAD_REQUEST);
+								throw new ValidationException("invalid_client_metadata", "Software statement can't contain client secret", HttpStatus.BAD_REQUEST);
-						case CLIENT_ID:
+							case CLIENT_ID:
-							throw new ValidationException("invalid_client_metadata", "Software statement can't contain client ID", HttpStatus.BAD_REQUEST);
+								throw new ValidationException("invalid_client_metadata", "Software statement can't contain client ID", HttpStatus.BAD_REQUEST);
 
-						default:
+							default:
-							logger.warn("Software statement contained unknown field: " + claim + " with value " + claimSet.getClaim(claim));
+								logger.warn("Software statement contained unknown field: " + claim + " with value " + claimSet.getClaim(claim));
-							break;
+								break;
 						}
 					}
 

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java

@@ -22,7 +22,6 @@ import java.util.Date;
 import java.util.HashSet;
 import java.util.Set;
 
-import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
@@ -34,7 +33,6 @@ import org.mitre.oauth2.service.SystemScopeService;
 import org.mitre.openid.connect.ClientDetailsEntityJsonProcessor;
 import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
 import org.mitre.openid.connect.exception.ValidationException;
-import org.mitre.openid.connect.service.BlacklistedSiteService;
 import org.mitre.openid.connect.service.OIDCTokenService;
 import org.mitre.openid.connect.view.ClientInformationResponseView;
 import org.mitre.openid.connect.view.HttpCodeView;
@@ -73,15 +71,9 @@ public class ProtectedResourceRegistrationEndpoint {
 	@Autowired
 	private OAuth2TokenEntityService tokenService;
 
-	@Autowired
-	private JWTSigningAndValidationService jwtService;
-
 	@Autowired
 	private SystemScopeService scopeService;
 
-	@Autowired
-	private BlacklistedSiteService blacklistService;
-
 	@Autowired
 	private ConfigurationPropertiesBean config;
 

openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java

@@ -54,16 +54,16 @@ public class StatsAPI {
 
 	}
 
-//	@PreAuthorize("hasRole('ROLE_USER')")
+	//	@PreAuthorize("hasRole('ROLE_USER')")
-//	@RequestMapping(value = "byclientid", produces = MediaType.APPLICATION_JSON_VALUE)
+	//	@RequestMapping(value = "byclientid", produces = MediaType.APPLICATION_JSON_VALUE)
-//	public String statsByClient(ModelMap m) {
+	//	public String statsByClient(ModelMap m) {
-//		Map<Long, Integer> e = statsService.getByClientId();
+	//		Map<Long, Integer> e = statsService.getByClientId();
-//
+	//
-//		m.put(JsonEntityView.ENTITY, e);
+	//		m.put(JsonEntityView.ENTITY, e);
-//
+	//
-//		return JsonEntityView.VIEWNAME;
+	//		return JsonEntityView.VIEWNAME;
-//	}
+	//	}
-//
+	//
 	@PreAuthorize("hasRole('ROLE_USER')")
 	@RequestMapping(value = "byclientid/{id}", produces = MediaType.APPLICATION_JSON_VALUE)
 	public String statsByClientId(@PathVariable("id") String clientId, ModelMap m) {

openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestBlacklistAwareRedirectResolver.java

@@ -17,6 +17,8 @@
 
 package org.mitre.oauth2.service.impl;
 
+import static org.mockito.Matchers.anyString;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -33,8 +35,6 @@ import com.google.common.collect.ImmutableSet;
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.CoreMatchers.is;
 
-import static org.mockito.Matchers.anyString;
-
 import static org.mockito.Mockito.when;
 
 import static org.junit.Assert.assertThat;

openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java

@@ -16,6 +16,9 @@
  *******************************************************************************/
 package org.mitre.oauth2.service.impl;
 
+import static com.google.common.collect.Sets.newHashSet;
+import static org.mockito.BDDMockito.given;
+
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Date;
@@ -38,13 +41,9 @@ import org.springframework.security.oauth2.provider.OAuth2Request;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 
-import static com.google.common.collect.Sets.newHashSet;
-
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.CoreMatchers.is;
 
-import static org.mockito.BDDMockito.given;
-
 import static org.mockito.Mockito.RETURNS_DEEP_STUBS;
 import static org.mockito.Mockito.mock;
 
@@ -61,7 +60,7 @@ public class TestDefaultIntrospectionResultAssembler {
 
 		// given
 		OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
-                oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
+				oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
 
 		UserInfo userInfo = userInfo("sub");
 
@@ -91,7 +90,7 @@ public class TestDefaultIntrospectionResultAssembler {
 		// given
 		OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"),
 				permissions(permission(1L, "foo", "bar")),
-                "Bearer", oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
+				"Bearer", oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
 
 		UserInfo userInfo = userInfo("sub");
 
@@ -156,7 +155,7 @@ public class TestDefaultIntrospectionResultAssembler {
 
 		// given
 		OAuth2AccessTokenEntity accessToken = accessToken(null, scopes("foo", "bar"), null, "Bearer",
-                oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
+				oauth2AuthenticationWithUser(oauth2Request("clientId"), "name"));
 
 		UserInfo userInfo = userInfo("sub");
 
@@ -179,36 +178,36 @@ public class TestDefaultIntrospectionResultAssembler {
 	}
 
 	@Test
-    public void shouldAssembleExpectedResultForAccessTokenWithoutUserAuthentication() throws ParseException {
+	public void shouldAssembleExpectedResultForAccessTokenWithoutUserAuthentication() throws ParseException {
-        // given
+		// given
-        OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
+		OAuth2AccessTokenEntity accessToken = accessToken(new Date(123 * 1000L), scopes("foo", "bar"), null, "Bearer",
-                oauth2Authentication(oauth2Request("clientId"), null));
+				oauth2Authentication(oauth2Request("clientId"), null));
 
-        Set<String> authScopes = scopes("foo", "bar", "baz");
+		Set<String> authScopes = scopes("foo", "bar", "baz");
 
-        // when
+		// when
-        Map<String, Object> result = assembler.assembleFrom(accessToken, null, authScopes);
+		Map<String, Object> result = assembler.assembleFrom(accessToken, null, authScopes);
 
 
-        // then `user_id` should not be present
+		// then `user_id` should not be present
-        Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
+		Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
-                .put("sub", "clientId")
+				.put("sub", "clientId")
-                .put("exp", 123L)
+				.put("exp", 123L)
-                .put("expires_at", dateFormat.valueToString(new Date(123 * 1000L)))
+				.put("expires_at", dateFormat.valueToString(new Date(123 * 1000L)))
-                .put("scope", "bar foo")
+				.put("scope", "bar foo")
-                .put("active", Boolean.TRUE)
+				.put("active", Boolean.TRUE)
-                .put("client_id", "clientId")
+				.put("client_id", "clientId")
-                .put("token_type", "Bearer")
+				.put("token_type", "Bearer")
-                .build();
+				.build();
-        assertThat(result, is(equalTo(expected)));
+		assertThat(result, is(equalTo(expected)));
-    }
+	}
 
 	@Test
 	public void shouldAssembleExpectedResultForRefreshToken() throws ParseException {
 
 		// given
 		OAuth2RefreshTokenEntity refreshToken = refreshToken(new Date(123 * 1000L),
-                oauth2AuthenticationWithUser(oauth2Request("clientId", scopes("foo", "bar")), "name"));
+				oauth2AuthenticationWithUser(oauth2Request("clientId", scopes("foo", "bar")), "name"));
 
 		UserInfo userInfo = userInfo("sub");
 
@@ -283,27 +282,27 @@ public class TestDefaultIntrospectionResultAssembler {
 		assertThat(result, is(equalTo(expected)));
 	}
 
-    @Test
+	@Test
-    public void shouldAssembleExpectedResultForRefreshTokenWithoutUserAuthentication() throws ParseException {
+	public void shouldAssembleExpectedResultForRefreshTokenWithoutUserAuthentication() throws ParseException {
-        // given
+		// given
-        OAuth2RefreshTokenEntity refreshToken = refreshToken(null,
+		OAuth2RefreshTokenEntity refreshToken = refreshToken(null,
-                oauth2Authentication(oauth2Request("clientId", scopes("foo",  "bar")), null));
+				oauth2Authentication(oauth2Request("clientId", scopes("foo",  "bar")), null));
 
-        Set<String> authScopes = scopes("foo", "bar", "baz");
+		Set<String> authScopes = scopes("foo", "bar", "baz");
 
-        // when
+		// when
-        Map<String, Object> result = assembler.assembleFrom(refreshToken, null, authScopes);
+		Map<String, Object> result = assembler.assembleFrom(refreshToken, null, authScopes);
 
 
-        // then `user_id` should not be present
+		// then `user_id` should not be present
-        Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
+		Map<String, Object> expected = new ImmutableMap.Builder<String, Object>()
-                .put("sub", "clientId")
+				.put("sub", "clientId")
-                .put("scope", "bar foo")
+				.put("scope", "bar foo")
-                .put("active", Boolean.TRUE)
+				.put("active", Boolean.TRUE)
-                .put("client_id", "clientId")
+				.put("client_id", "clientId")
-                .build();
+				.build();
-        assertThat(result, is(equalTo(expected)));
+		assertThat(result, is(equalTo(expected)));
-    }
+	}
 
 
 
@@ -332,12 +331,12 @@ public class TestDefaultIntrospectionResultAssembler {
 
 	private OAuth2Authentication oauth2AuthenticationWithUser(OAuth2Request request, String username) {
 		UsernamePasswordAuthenticationToken userAuthentication = new UsernamePasswordAuthenticationToken(username, "somepassword");
-        return oauth2Authentication(request, userAuthentication);
+		return oauth2Authentication(request, userAuthentication);
 	}
 
-    private OAuth2Authentication oauth2Authentication(OAuth2Request request, Authentication userAuthentication) {
+	private OAuth2Authentication oauth2Authentication(OAuth2Request request, Authentication userAuthentication) {
-        return new OAuth2Authentication(request, userAuthentication);
+		return new OAuth2Authentication(request, userAuthentication);
-    }
+	}
 
 	private OAuth2Request oauth2Request(String clientId) {
 		return oauth2Request(clientId, null);

openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java

@@ -16,8 +16,6 @@
  *******************************************************************************/
 package org.mitre.oauth2.service.impl;
 
-import static org.mockito.Matchers.anyString;
-
 import java.util.HashSet;
 import java.util.LinkedHashSet;
 import java.util.Set;
@@ -51,7 +49,6 @@ import org.springframework.security.oauth2.common.exceptions.InvalidClientExcept
 
 import com.google.common.collect.Sets;
 
-import static org.hamcrest.CoreMatchers.any;
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.CoreMatchers.notNullValue;

openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java

@@ -26,9 +26,7 @@ import org.mitre.oauth2.repository.SystemScopeRepository;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
 import org.mockito.runners.MockitoJUnitRunner;
-import org.mockito.stubbing.Answer;
 
 import com.google.common.collect.Sets;
 

openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultApprovedSiteService.java

@@ -16,7 +16,8 @@
  *******************************************************************************/
 package org.mitre.openid.connect.service.impl;
 
-import java.util.ArrayList;
+import static org.mockito.Matchers.any;
+
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -40,8 +41,6 @@ import org.springframework.test.annotation.Rollback;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.Sets;
 
-import static org.mockito.Matchers.any;
-
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.times;
 

openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultStatsService.java

@@ -23,7 +23,6 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.openid.connect.model.ApprovedSite;
 import org.mitre.openid.connect.service.ApprovedSiteService;
 import org.mockito.InjectMocks;

openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java

@@ -16,6 +16,11 @@
  *******************************************************************************/
 package org.mitre.openid.connect.service.impl;
 
+import static org.mockito.Matchers.anyLong;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Matchers.isA;
+import static org.mockito.Matchers.isNull;
+
 import java.io.IOException;
 import java.io.StringReader;
 import java.io.StringWriter;
@@ -73,11 +78,6 @@ import com.nimbusds.jwt.JWTParser;
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.CoreMatchers.is;
 
-import static org.mockito.Matchers.anyLong;
-import static org.mockito.Matchers.anyString;
-import static org.mockito.Matchers.isA;
-import static org.mockito.Matchers.isNull;
-
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;

openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java

@@ -16,6 +16,11 @@
  *******************************************************************************/
 package org.mitre.openid.connect.service.impl;
 
+import static org.mockito.Matchers.anyLong;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Matchers.isA;
+import static org.mockito.Matchers.isNull;
+
 import java.io.IOException;
 import java.io.StringReader;
 import java.io.StringWriter;
@@ -72,11 +77,6 @@ import com.nimbusds.jwt.JWTParser;
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.CoreMatchers.is;
 
-import static org.mockito.Matchers.anyLong;
-import static org.mockito.Matchers.anyString;
-import static org.mockito.Matchers.isA;
-import static org.mockito.Matchers.isNull;
-
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;

openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java

@@ -16,9 +16,13 @@
  *******************************************************************************/
 package org.mitre.openid.connect.service.impl;
 
+import static org.mockito.Matchers.anyLong;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Matchers.isA;
+import static org.mockito.Matchers.isNull;
+
 import java.io.IOException;
 import java.io.StringReader;
-import java.io.StringWriter;
 import java.text.ParseException;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -62,42 +66,27 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.format.annotation.DateTimeFormat.ISO;
 import org.springframework.format.datetime.DateFormatter;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
 
-import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 import com.google.gson.JsonArray;
 import com.google.gson.JsonElement;
-import com.google.gson.JsonObject;
-import com.google.gson.JsonParser;
 import com.google.gson.stream.JsonReader;
-import com.google.gson.stream.JsonWriter;
 import com.nimbusds.jwt.JWTParser;
 
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.CoreMatchers.is;
 
-import static org.mockito.Matchers.anyLong;
-import static org.mockito.Matchers.anyString;
-import static org.mockito.Matchers.isA;
-import static org.mockito.Matchers.isNull;
-
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static org.mockito.Mockito.withSettings;
 
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertThat;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
 
 @RunWith(MockitoJUnitRunner.class)
 @SuppressWarnings(value = {"rawtypes", "unchecked"})

openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_3.java

@@ -16,6 +16,11 @@
  *******************************************************************************/
 package org.mitre.openid.connect.service.impl;
 
+import static org.mockito.Matchers.anyLong;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Matchers.isA;
+import static org.mockito.Matchers.isNull;
+
 import java.io.IOException;
 import java.io.StringReader;
 import java.io.StringWriter;
@@ -83,18 +88,12 @@ import com.nimbusds.jwt.JWTParser;
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.CoreMatchers.is;
 
-import static org.mockito.Matchers.anyLong;
-import static org.mockito.Matchers.anyString;
-import static org.mockito.Matchers.isA;
-import static org.mockito.Matchers.isNull;
-
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static org.mockito.Mockito.withSettings;
 
-import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertThat;
 import static org.junit.Assert.assertTrue;

uma-server/src/main/java/org/mitre/uma/service/impl/UmaDataServiceExtension_1_3.java

@@ -63,70 +63,10 @@ public class UmaDataServiceExtension_1_3 extends MITREidDataServiceSupport imple
 	private static final String THIS_VERSION = MITREidDataService.MITREID_CONNECT_1_3;
 
 	private static final String REGISTERED_CLIENT = "registeredClient";
-	private static final String DEFAULT_SCOPE = "defaultScope";
-	private static final String STRUCTURED_PARAMETER = "structuredParameter";
-	private static final String STRUCTURED = "structured";
-	private static final String RESTRICTED = "restricted";
-	private static final String ICON = "icon";
-	private static final String DYNAMICALLY_REGISTERED = "dynamicallyRegistered";
-	private static final String CLEAR_ACCESS_TOKENS_ON_REFRESH = "clearAccessTokensOnRefresh";
-	private static final String REUSE_REFRESH_TOKEN = "reuseRefreshToken";
-	private static final String ALLOW_INTROSPECTION = "allowIntrospection";
-	private static final String DESCRIPTION = "description";
-	private static final String REQUEST_URIS = "requestUris";
-	private static final String POST_LOGOUT_REDIRECT_URI = "postLogoutRedirectUri";
-	private static final String INTITATE_LOGIN_URI = "intitateLoginUri";
-	private static final String DEFAULT_ACR_VALUES = "defaultACRValues";
-	private static final String REQUIRE_AUTH_TIME = "requireAuthTime";
-	private static final String DEFAULT_MAX_AGE = "defaultMaxAge";
-	private static final String TOKEN_ENDPOINT_AUTH_SIGNING_ALG = "tokenEndpointAuthSigningAlg";
-	private static final String USER_INFO_ENCRYPTED_RESPONSE_ENC = "userInfoEncryptedResponseEnc";
-	private static final String USER_INFO_ENCRYPTED_RESPONSE_ALG = "userInfoEncryptedResponseAlg";
-	private static final String USER_INFO_SIGNED_RESPONSE_ALG = "userInfoSignedResponseAlg";
-	private static final String ID_TOKEN_ENCRYPTED_RESPONSE_ENC = "idTokenEncryptedResponseEnc";
-	private static final String ID_TOKEN_ENCRYPTED_RESPONSE_ALG = "idTokenEncryptedResponseAlg";
-	private static final String ID_TOKEN_SIGNED_RESPONSE_ALG = "idTokenSignedResponseAlg";
-	private static final String REQUEST_OBJECT_SIGNING_ALG = "requestObjectSigningAlg";
-	private static final String SUBJECT_TYPE = "subjectType";
-	private static final String SECTOR_IDENTIFIER_URI = "sectorIdentifierUri";
-	private static final String APPLICATION_TYPE = "applicationType";
-	private static final String JWKS = "jwks";
-	private static final String JWKS_URI = "jwksUri";
-	private static final String POLICY_URI = "policyUri";
-	private static final String GRANT_TYPES = "grantTypes";
-	private static final String TOKEN_ENDPOINT_AUTH_METHOD = "tokenEndpointAuthMethod";
-	private static final String TOS_URI = "tosUri";
-	private static final String CONTACTS = "contacts";
-	private static final String LOGO_URI = "logoUri";
-	private static final String REDIRECT_URIS = "redirectUris";
-	private static final String REFRESH_TOKEN_VALIDITY_SECONDS = "refreshTokenValiditySeconds";
-	private static final String ACCESS_TOKEN_VALIDITY_SECONDS = "accessTokenValiditySeconds";
-	private static final String SECRET = "secret";
 	private static final String URI = "uri";
-	private static final String CREATOR_USER_ID = "creatorUserId";
-	private static final String APPROVED_ACCESS_TOKENS = "approvedAccessTokens";
-	private static final String ALLOWED_SCOPES = "allowedScopes";
-	private static final String USER_ID = "userId";
-	private static final String TIMEOUT_DATE = "timeoutDate";
-	private static final String CREATION_DATE = "creationDate";
-	private static final String ACCESS_DATE = "accessDate";
-	private static final String AUTHENTICATED = "authenticated";
-	private static final String SOURCE_CLASS = "sourceClass";
 	private static final String NAME = "name";
-	private static final String SAVED_USER_AUTHENTICATION = "savedUserAuthentication";
-	private static final String EXTENSIONS = "extensions";
-	private static final String RESPONSE_TYPES = "responseTypes";
-	private static final String REDIRECT_URI = "redirectUri";
-	private static final String APPROVED = "approved";
-	private static final String AUTHORITIES = "authorities";
-	private static final String RESOURCE_IDS = "resourceIds";
-	private static final String REQUEST_PARAMETERS = "requestParameters";
 	private static final String TYPE = "type";
-	private static final String SCOPE = "scope";
-	private static final String ID_TOKEN_ID = "idTokenId";
-	private static final String REFRESH_TOKEN_ID = "refreshTokenId";
 	private static final String VALUE = "value";
-	private static final String AUTHENTICATION_HOLDER_ID = "authenticationHolderId";
 	private static final String CLIENT_ID = "clientId";
 	private static final String EXPIRATION = "expiration";
 	private static final String ID = "id";
@@ -410,25 +350,25 @@ public class UmaDataServiceExtension_1_3 extends MITREidDataServiceSupport imple
 								reader.beginObject();
 								while (reader.hasNext()) {
 									switch (reader.peek()) {
-									case END_OBJECT:
+										case END_OBJECT:
-										continue;
+											continue;
-									case NAME:
+										case NAME:
-										String pname = reader.nextName();
+											String pname = reader.nextName();
-										if (reader.peek() == JsonToken.NULL) {
+											if (reader.peek() == JsonToken.NULL) {
-											reader.skipValue();
+												reader.skipValue();
-										} else if (pname.equals(RESOURCE_SET)) {
+											} else if (pname.equals(RESOURCE_SET)) {
-											rsid = reader.nextLong();
+												rsid = reader.nextLong();
-										} else if (pname.equals(SCOPES)) {
+											} else if (pname.equals(SCOPES)) {
-											scope = readSet(reader);
+												scope = readSet(reader);
-										} else {
+											} else {
+												logger.debug("Found unexpected entry");
+												reader.skipValue();
+											}
+											break;
+										default:
 											logger.debug("Found unexpected entry");
 											reader.skipValue();
-										}
+											continue;
-										break;
-									default:
-										logger.debug("Found unexpected entry");
-										reader.skipValue();
-										continue;
 									}
 								}
 								reader.endObject();
@@ -466,99 +406,99 @@ public class UmaDataServiceExtension_1_3 extends MITREidDataServiceSupport imple
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals(CLAIMS_SUPPLIED)) {
+						} else if (name.equals(CLAIMS_SUPPLIED)) {
-						Set<Claim> claimsSupplied = new HashSet<>();
+							Set<Claim> claimsSupplied = new HashSet<>();
-						reader.beginArray();
+							reader.beginArray();
-						while (reader.hasNext()) {
+							while (reader.hasNext()) {
-							Claim c = new Claim();
+								Claim c = new Claim();
+								reader.beginObject();
+								while (reader.hasNext()) {
+									switch (reader.peek()) {
+										case END_OBJECT:
+											continue;
+										case NAME:
+											String cname = reader.nextName();
+											if (reader.peek() == JsonToken.NULL) {
+												reader.skipValue();
+											} else if (cname.equals(ISSUER)) {
+												c.setIssuer(readSet(reader));
+											} else if (cname.equals(CLAIM_TOKEN_FORMAT)) {
+												c.setClaimTokenFormat(readSet(reader));
+											} else if (cname.equals(CLAIM_TYPE)) {
+												c.setClaimType(reader.nextString());
+											} else if (cname.equals(FRIENDLY_NAME)) {
+												c.setFriendlyName(reader.nextString());
+											} else if (cname.equals(NAME)) {
+												c.setName(reader.nextString());
+											} else if (cname.equals(VALUE)) {
+												JsonElement e = parser.parse(reader.nextString());
+												c.setValue(e);
+											} else {
+												logger.debug("Found unexpected entry");
+												reader.skipValue();
+											}
+											break;
+										default:
+											logger.debug("Found unexpected entry");
+											reader.skipValue();
+											continue;
+									}
+								}
+								reader.endObject();
+								claimsSupplied.add(c);
+							}
+							reader.endArray();
+							ticket.setClaimsSupplied(claimsSupplied);
+						} else if (name.equals(EXPIRATION)) {
+							ticket.setExpiration(utcToDate(reader.nextString()));
+						} else if (name.equals(PERMISSION)) {
+							Permission p = new Permission();
+							Long rsid = null;
 							reader.beginObject();
 							while (reader.hasNext()) {
 								switch (reader.peek()) {
-								case END_OBJECT:
+									case END_OBJECT:
-									continue;
+										continue;
-								case NAME:
+									case NAME:
-									String cname = reader.nextName();
+										String pname = reader.nextName();
-									if (reader.peek() == JsonToken.NULL) {
+										if (reader.peek() == JsonToken.NULL) {
-										reader.skipValue();
+											reader.skipValue();
-									} else if (cname.equals(ISSUER)) {
+										} else if (pname.equals(RESOURCE_SET)) {
-										c.setIssuer(readSet(reader));
+											rsid = reader.nextLong();
-									} else if (cname.equals(CLAIM_TOKEN_FORMAT)) {
+										} else if (pname.equals(SCOPES)) {
-										c.setClaimTokenFormat(readSet(reader));
+											p.setScopes(readSet(reader));
-									} else if (cname.equals(CLAIM_TYPE)) {
+										} else {
-										c.setClaimType(reader.nextString());
+											logger.debug("Found unexpected entry");
-									} else if (cname.equals(FRIENDLY_NAME)) {
+											reader.skipValue();
-										c.setFriendlyName(reader.nextString());
+										}
-									} else if (cname.equals(NAME)) {
+										break;
-										c.setName(reader.nextString());
+									default:
-									} else if (cname.equals(VALUE)) {
-										JsonElement e = parser.parse(reader.nextString());
-										c.setValue(e);
-									} else {
 										logger.debug("Found unexpected entry");
 										reader.skipValue();
-									}
+										continue;
-									break;
-								default:
-									logger.debug("Found unexpected entry");
-									reader.skipValue();
-									continue;
 								}
 							}
 							reader.endObject();
-							claimsSupplied.add(c);
+							Permission saved = permissionRepository.saveRawPermission(p);
+							permissionToResourceRefs.put(saved.getId(), rsid);
+							ticket.setPermission(saved);
+						} else if (name.equals(TICKET)) {
+							ticket.setTicket(reader.nextString());
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-						reader.endArray();
+						break;
-						ticket.setClaimsSupplied(claimsSupplied);
+					default:
-					} else if (name.equals(EXPIRATION)) {
-						ticket.setExpiration(utcToDate(reader.nextString()));
-					} else if (name.equals(PERMISSION)) {
-						Permission p = new Permission();
-						Long rsid = null;
-						reader.beginObject();
-						while (reader.hasNext()) {
-							switch (reader.peek()) {
-							case END_OBJECT:
-								continue;
-							case NAME:
-								String pname = reader.nextName();
-								if (reader.peek() == JsonToken.NULL) {
-									reader.skipValue();
-								} else if (pname.equals(RESOURCE_SET)) {
-									rsid = reader.nextLong();
-								} else if (pname.equals(SCOPES)) {
-									p.setScopes(readSet(reader));
-								} else {
-									logger.debug("Found unexpected entry");
-									reader.skipValue();
-								}
-								break;
-							default:
-								logger.debug("Found unexpected entry");
-								reader.skipValue();
-								continue;
-							}
-						}
-						reader.endObject();
-						Permission saved = permissionRepository.saveRawPermission(p);
-						permissionToResourceRefs.put(saved.getId(), rsid);
-						ticket.setPermission(saved);
-					} else if (name.equals(TICKET)) {
-						ticket.setTicket(reader.nextString());
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -582,114 +522,114 @@ public class UmaDataServiceExtension_1_3 extends MITREidDataServiceSupport imple
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals(ID)) {
+						} else if (name.equals(ID)) {
-						oldId = reader.nextLong();
+							oldId = reader.nextLong();
-					} else if (name.equals(CLIENT_ID)) {
+						} else if (name.equals(CLIENT_ID)) {
-						rs.setClientId(reader.nextString());
+							rs.setClientId(reader.nextString());
-					} else if (name.equals(ICON_URI)) {
+						} else if (name.equals(ICON_URI)) {
-						rs.setIconUri(reader.nextString());
+							rs.setIconUri(reader.nextString());
-					} else if (name.equals(NAME)) {
+						} else if (name.equals(NAME)) {
-						rs.setName(reader.nextString());
+							rs.setName(reader.nextString());
-					} else if (name.equals(TYPE)) {
+						} else if (name.equals(TYPE)) {
-						rs.setType(reader.nextString());
+							rs.setType(reader.nextString());
-					} else if (name.equals(URI)) {
+						} else if (name.equals(URI)) {
-						rs.setUri(reader.nextString());
+							rs.setUri(reader.nextString());
-					} else if (name.equals(OWNER)) {
+						} else if (name.equals(OWNER)) {
-						rs.setOwner(reader.nextString());
+							rs.setOwner(reader.nextString());
-					} else if (name.equals(POLICIES)) {
+						} else if (name.equals(POLICIES)) {
-						Set<Policy> policies = new HashSet<>();
+							Set<Policy> policies = new HashSet<>();
-						reader.beginArray();
+							reader.beginArray();
-						while (reader.hasNext()) {
-							Policy p = new Policy();
-							reader.beginObject();
 							while (reader.hasNext()) {
-								switch (reader.peek()) {
+								Policy p = new Policy();
-								case END_OBJECT:
+								reader.beginObject();
-									continue;
+								while (reader.hasNext()) {
-								case NAME:
+									switch (reader.peek()) {
-									String pname = reader.nextName();
+										case END_OBJECT:
-									if (reader.peek() == JsonToken.NULL) {
+											continue;
-										reader.skipValue();
+										case NAME:
-									} else if (pname.equals(NAME)) {
+											String pname = reader.nextName();
-										p.setName(reader.nextString());
+											if (reader.peek() == JsonToken.NULL) {
-									} else if (pname.equals(SCOPES)) {
+												reader.skipValue();
-										p.setScopes(readSet(reader));
+											} else if (pname.equals(NAME)) {
-									} else if (pname.equals(CLAIMS_REQUIRED)) {
+												p.setName(reader.nextString());
-										Set<Claim> claimsRequired = new HashSet<>();
+											} else if (pname.equals(SCOPES)) {
-										reader.beginArray();
+												p.setScopes(readSet(reader));
-										while (reader.hasNext()) {
+											} else if (pname.equals(CLAIMS_REQUIRED)) {
-											Claim c = new Claim();
+												Set<Claim> claimsRequired = new HashSet<>();
-											reader.beginObject();
+												reader.beginArray();
-											while (reader.hasNext()) {
+												while (reader.hasNext()) {
-												switch (reader.peek()) {
+													Claim c = new Claim();
-												case END_OBJECT:
+													reader.beginObject();
-													continue;
+													while (reader.hasNext()) {
-												case NAME:
+														switch (reader.peek()) {
-													String cname = reader.nextName();
+															case END_OBJECT:
-													if (reader.peek() == JsonToken.NULL) {
+																continue;
-														reader.skipValue();
+															case NAME:
-													} else if (cname.equals(ISSUER)) {
+																String cname = reader.nextName();
-														c.setIssuer(readSet(reader));
+																if (reader.peek() == JsonToken.NULL) {
-													} else if (cname.equals(CLAIM_TOKEN_FORMAT)) {
+																	reader.skipValue();
-														c.setClaimTokenFormat(readSet(reader));
+																} else if (cname.equals(ISSUER)) {
-													} else if (cname.equals(CLAIM_TYPE)) {
+																	c.setIssuer(readSet(reader));
-														c.setClaimType(reader.nextString());
+																} else if (cname.equals(CLAIM_TOKEN_FORMAT)) {
-													} else if (cname.equals(FRIENDLY_NAME)) {
+																	c.setClaimTokenFormat(readSet(reader));
-														c.setFriendlyName(reader.nextString());
+																} else if (cname.equals(CLAIM_TYPE)) {
-													} else if (cname.equals(NAME)) {
+																	c.setClaimType(reader.nextString());
-														c.setName(reader.nextString());
+																} else if (cname.equals(FRIENDLY_NAME)) {
-													} else if (cname.equals(VALUE)) {
+																	c.setFriendlyName(reader.nextString());
-														JsonElement e = parser.parse(reader.nextString());
+																} else if (cname.equals(NAME)) {
-														c.setValue(e);
+																	c.setName(reader.nextString());
-													} else {
+																} else if (cname.equals(VALUE)) {
-														logger.debug("Found unexpected entry");
+																	JsonElement e = parser.parse(reader.nextString());
-														reader.skipValue();
+																	c.setValue(e);
+																} else {
+																	logger.debug("Found unexpected entry");
+																	reader.skipValue();
+																}
+																break;
+															default:
+																logger.debug("Found unexpected entry");
+																reader.skipValue();
+																continue;
+														}
 													}
-													break;
+													reader.endObject();
-												default:
+													claimsRequired.add(c);
-													logger.debug("Found unexpected entry");
-													reader.skipValue();
-													continue;
 												}
+												reader.endArray();
+												p.setClaimsRequired(claimsRequired);
+											} else {
+												logger.debug("Found unexpected entry");
+												reader.skipValue();
 											}
-											reader.endObject();
+											break;
-											claimsRequired.add(c);
+										default:
-										}
+											logger.debug("Found unexpected entry");
-										reader.endArray();
+											reader.skipValue();
-										p.setClaimsRequired(claimsRequired);
+											continue;
-									} else {
-										logger.debug("Found unexpected entry");
-										reader.skipValue();
 									}
-									break;
-								default:
-									logger.debug("Found unexpected entry");
-									reader.skipValue();
-									continue;
 								}
+								reader.endObject();
+								policies.add(p);
 							}
-							reader.endObject();
+							reader.endArray();
-							policies.add(p);
+							rs.setPolicies(policies);
+						} else if (name.equals(SCOPES)) {
+							rs.setScopes(readSet(reader));
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
 						}
-						reader.endArray();
+						break;
-						rs.setPolicies(policies);
+					default:
-					} else if (name.equals(SCOPES)) {
-						rs.setScopes(readSet(reader));
-					} else {
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();
@@ -711,25 +651,25 @@ public class UmaDataServiceExtension_1_3 extends MITREidDataServiceSupport imple
 			reader.beginObject();
 			while (reader.hasNext()) {
 				switch (reader.peek()) {
-				case END_OBJECT:
+					case END_OBJECT:
-					continue;
+						continue;
-				case NAME:
+					case NAME:
-					String name = reader.nextName();
+						String name = reader.nextName();
-					if (reader.peek() == JsonToken.NULL) {
+						if (reader.peek() == JsonToken.NULL) {
-						reader.skipValue();
+							reader.skipValue();
-					} else if (name.equals(ISSUER)) {
+						} else if (name.equals(ISSUER)) {
-						issuer = reader.nextString();
+							issuer = reader.nextString();
-					} else if (name.equals(REGISTERED_CLIENT)) {
+						} else if (name.equals(REGISTERED_CLIENT)) {
-						clientString = reader.nextString();
+							clientString = reader.nextString();
-					} else {
+						} else {
+							logger.debug("Found unexpected entry");
+							reader.skipValue();
+						}
+						break;
+					default:
 						logger.debug("Found unexpected entry");
 						reader.skipValue();
-					}
+						continue;
-					break;
-				default:
-					logger.debug("Found unexpected entry");
-					reader.skipValue();
-					continue;
 				}
 			}
 			reader.endObject();

uma-server/src/main/java/org/mitre/uma/view/ResourceSetEntityAbbreviatedView.java

@@ -56,28 +56,28 @@ public class ResourceSetEntityAbbreviatedView extends AbstractView {
 	private ConfigurationPropertiesBean config;
 
 	private Gson gson = new GsonBuilder()
-	.setExclusionStrategies(new ExclusionStrategy() {
+			.setExclusionStrategies(new ExclusionStrategy() {
 
-		@Override
+				@Override
-		public boolean shouldSkipField(FieldAttributes f) {
+				public boolean shouldSkipField(FieldAttributes f) {
 
-			return false;
+					return false;
-		}
+				}
 
-		@Override
+				@Override
-		public boolean shouldSkipClass(Class<?> clazz) {
+				public boolean shouldSkipClass(Class<?> clazz) {
-			// skip the JPA binding wrapper
+					// skip the JPA binding wrapper
-			if (clazz.equals(BeanPropertyBindingResult.class)) {
+					if (clazz.equals(BeanPropertyBindingResult.class)) {
-				return true;
+						return true;
-			}
+					}
-			return false;
+					return false;
-		}
+				}
 
-	})
+			})
-	.serializeNulls()
+			.serializeNulls()
-	.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
+			.setDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
-	.setLongSerializationPolicy(LongSerializationPolicy.STRING)
+			.setLongSerializationPolicy(LongSerializationPolicy.STRING)
-	.create();
+			.create();
 
 	@Override
 	protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {