
Polish spring-security-openid main code

Manually polish `spring-security-openid` following the formatting
and checkstyle fixes.

Issue gh-8945
Phillip Webb 5 年之前
父节点
当前提交
5924ed885b

+ 13 - 32
openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java

@@ -80,27 +80,28 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 	@Override
 	public String beginConsumption(HttpServletRequest req, String identityUrl, String returnToUrl, String realm)
 			throws OpenIDConsumerException {
-		List<DiscoveryInformation> discoveries;
+		List<DiscoveryInformation> discoveries = getDiscoveries(identityUrl);
+		DiscoveryInformation information = this.consumerManager.associate(discoveries);
+		req.getSession().setAttribute(DISCOVERY_INFO_KEY, information);
+		AuthRequest authReq = getAuthRequest(req, identityUrl, returnToUrl, realm, information);
+		return authReq.getDestinationUrl(true);
+	}
 
+	private List<DiscoveryInformation> getDiscoveries(String identityUrl) throws OpenIDConsumerException {
 		try {
-			discoveries = this.consumerManager.discover(identityUrl);
+			return this.consumerManager.discover(identityUrl);
 		}
 		catch (DiscoveryException ex) {
 			throw new OpenIDConsumerException("Error during discovery", ex);
 		}
+	}
 
-		DiscoveryInformation information = this.consumerManager.associate(discoveries);
-		req.getSession().setAttribute(DISCOVERY_INFO_KEY, information);
-
-		AuthRequest authReq;
-
+	private AuthRequest getAuthRequest(HttpServletRequest req, String identityUrl, String returnToUrl, String realm,
+			DiscoveryInformation information) throws OpenIDConsumerException {
 		try {
-			authReq = this.consumerManager.authenticate(information, returnToUrl, realm);
-
+			AuthRequest authReq = this.consumerManager.authenticate(information, returnToUrl, realm);
 			this.logger.debug("Looking up attribute fetch list for identifier: " + identityUrl);
-
 			List<OpenIDAttribute> attributesToFetch = this.attributesToFetchFactory.createAttributeList(identityUrl);
-
 			if (!attributesToFetch.isEmpty()) {
 				req.getSession().setAttribute(ATTRIBUTE_LIST_KEY, attributesToFetch);
 				FetchRequest fetchRequest = FetchRequest.createFetchRequest();
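Review bot: The debug statement carried into the new `getAuthRequest` helper concatenates `identityUrl` into the log message with no level guard and no sanitising. That value appears to originate from the login request (see `obtainUsername` in OpenIDAuthenticationFilter), so a claimed identifier containing CR/LF could inject misleading lines into the debug log. I would guard it the way `fetchAxAttributes` does, `if (this.logger.isDebugEnabled()) {`, and log a value with line breaks stripped, for example `identityUrl.replaceAll("[\r\n]", "_")`. The same applies to the `"Supplied OpenID identity is " + identity` message in OpenIDAuthenticationFilter, which is guarded but logs the raw parameter. The body of `getAuthRequest` continues past the end of this hunk.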
@@ -112,12 +113,11 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 				}
 				authReq.addExtension(fetchRequest);
 			}
+			return authReq;
 		}
 		catch (MessageException | ConsumerException ex) {
 			throw new OpenIDConsumerException("Error processing ConsumerManager authentication", ex);
 		}
-
-		return authReq.getDestinationUrl(true);
 	}
 
 	@Override
@@ -125,42 +125,32 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 		// extract the parameters from the authentication response
 		// (which comes in as a HTTP request from the OpenID provider)
 		ParameterList openidResp = new ParameterList(request.getParameterMap());
-
 		// retrieve the previously stored discovery information
 		DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
-
 		if (discovered == null) {
 			throw new OpenIDConsumerException(
 					"DiscoveryInformation is not available. Possible causes are lost session or replay attack");
 		}
-
 		List<OpenIDAttribute> attributesToFetch = (List<OpenIDAttribute>) request.getSession()
 				.getAttribute(ATTRIBUTE_LIST_KEY);
-
 		request.getSession().removeAttribute(DISCOVERY_INFO_KEY);
 		request.getSession().removeAttribute(ATTRIBUTE_LIST_KEY);
-
 		// extract the receiving URL from the HTTP request
 		StringBuffer receivingURL = request.getRequestURL();
 		String queryString = request.getQueryString();
-
 		if (StringUtils.hasLength(queryString)) {
 			receivingURL.append("?").append(request.getQueryString());
 		}
-
 		// verify the response
 		VerificationResult verification;
-
 		try {
 			verification = this.consumerManager.verify(receivingURL.toString(), openidResp, discovered);
 		}
 		catch (MessageException | AssociationException | DiscoveryException ex) {
 			throw new OpenIDConsumerException("Error verifying openid response", ex);
 		}
-
 		// examine the verification result and extract the verified identifier
 		Identifier verified = verification.getVerifiedId();
-
 		if (verified == null) {
 			Identifier id = discovered.getClaimedIdentifier();
 			return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE,
@@ -168,30 +158,23 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 					"Verification status message: [" + verification.getStatusMsg() + "]",
 					Collections.<OpenIDAttribute>emptyList());
 		}
-
 		List<OpenIDAttribute> attributes = fetchAxAttributes(verification.getAuthResponse(), attributesToFetch);
-
 		return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS, verified.getIdentifier(),
 				"some message", attributes);
 	}
 
 	List<OpenIDAttribute> fetchAxAttributes(Message authSuccess, List<OpenIDAttribute> attributesToFetch)
 			throws OpenIDConsumerException {
-
 		if (attributesToFetch == null || !authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
 			return Collections.emptyList();
 		}
-
 		this.logger.debug("Extracting attributes retrieved by attribute exchange");
-
 		List<OpenIDAttribute> attributes = Collections.emptyList();
-
 		try {
 			MessageExtension ext = authSuccess.getExtension(AxMessage.OPENID_NS_AX);
 			if (ext instanceof FetchResponse) {
 				FetchResponse fetchResp = (FetchResponse) ext;
 				attributes = new ArrayList<>(attributesToFetch.size());
-
 				for (OpenIDAttribute attr : attributesToFetch) {
 					List<String> values = fetchResp.getAttributeValues(attr.getName());
 					if (!values.isEmpty()) {
@@ -205,11 +188,9 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 		catch (MessageException ex) {
 			throw new OpenIDConsumerException("Attribute retrieval failed", ex);
 		}
-
 		if (this.logger.isDebugEnabled()) {
 			this.logger.debug("Retrieved attributes" + attributes);
 		}
-
 		return attributes;
 	}
 

+ 2 - 23
openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationFilter.java

@@ -95,7 +95,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	@Override
 	public void afterPropertiesSet() {
 		super.afterPropertiesSet();
-
 		if (this.consumer == null) {
 			try {
 				this.consumer = new OpenID4JavaConsumer();
@@ -104,7 +103,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 				throw new IllegalArgumentException("Failed to initialize OpenID", ex);
 			}
 		}
-
 		if (this.returnToUrlParameters.isEmpty() && getRememberMeServices() instanceof AbstractRememberMeServices) {
 			this.returnToUrlParameters = new HashSet<>();
 			this.returnToUrlParameters.add(((AbstractRememberMeServices) getRememberMeServices()).getParameter());
@@ -124,12 +122,9 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
 			throws AuthenticationException, IOException {
 		OpenIDAuthenticationToken token;
-
 		String identity = request.getParameter("openid.identity");
-
 		if (!StringUtils.hasText(identity)) {
 			String claimedIdentity = obtainUsername(request);
-
 			try {
 				String returnToUrl = buildReturnToUrl(request);
 				String realm = lookupRealm(returnToUrl);
@@ -139,7 +134,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 					this.logger.debug("Redirecting to " + openIdUrl);
 				}
 				response.sendRedirect(openIdUrl);
-
 				// Indicate to parent class that authentication is continuing.
 				return null;
 			}
@@ -149,34 +143,27 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 						"Unable to process claimed identity '" + claimedIdentity + "'");
 			}
 		}
-
 		if (this.logger.isDebugEnabled()) {
 			this.logger.debug("Supplied OpenID identity is " + identity);
 		}
-
 		try {
 			token = this.consumer.endConsumption(request);
 		}
-		catch (OpenIDConsumerException oice) {
-			throw new AuthenticationServiceException("Consumer error", oice);
+		catch (OpenIDConsumerException ex) {
+			throw new AuthenticationServiceException("Consumer error", ex);
 		}
-
 		token.setDetails(this.authenticationDetailsSource.buildDetails(request));
-
 		// delegate to the authentication provider
 		Authentication authentication = this.getAuthenticationManager().authenticate(token);
-
 		return authentication;
 	}
 
 	protected String lookupRealm(String returnToUrl) {
 		String mapping = this.realmMapping.get(returnToUrl);
-
 		if (mapping == null) {
 			try {
 				URL url = new URL(returnToUrl);
 				int port = url.getPort();
-
 				StringBuilder realmBuffer = new StringBuilder(returnToUrl.length()).append(url.getProtocol())
 						.append("://").append(url.getHost());
 				if (port > 0) {
@@ -189,7 +176,6 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 				this.logger.warn("returnToUrl was not a valid URL: [" + returnToUrl + "]", ex);
 			}
 		}
-
 		return mapping;
 	}
 
@@ -201,25 +187,20 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	 */
 	protected String buildReturnToUrl(HttpServletRequest request) {
 		StringBuffer sb = request.getRequestURL();
-
 		Iterator<String> iterator = this.returnToUrlParameters.iterator();
 		boolean isFirst = true;
-
 		while (iterator.hasNext()) {
 			String name = iterator.next();
 			// Assume for simplicity that there is only one value
 			String value = request.getParameter(name);
-
 			if (value == null) {
 				continue;
 			}
-
 			if (isFirst) {
 				sb.append("?");
 				isFirst = false;
 			}
 			sb.append(utf8UrlEncode(name)).append("=").append(utf8UrlEncode(value));
-
 			if (iterator.hasNext()) {
 				sb.append("&");
 			}
@@ -232,12 +213,10 @@ public class OpenIDAuthenticationFilter extends AbstractAuthenticationProcessing
 	 */
 	protected String obtainUsername(HttpServletRequest req) {
 		String claimedIdentity = req.getParameter(this.claimedIdentityFieldName);
-
 		if (!StringUtils.hasText(claimedIdentity)) {
 			this.logger.error("No claimed identity supplied in authentication request");
 			return "";
 		}
-
 		return claimedIdentity.trim();
 	}
 

+ 23 - 32
openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationProvider.java

@@ -66,42 +66,33 @@ public class OpenIDAuthenticationProvider implements AuthenticationProvider, Ini
 
 	@Override
 	public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
-
 		if (!supports(authentication.getClass())) {
 			return null;
 		}
-
-		if (authentication instanceof OpenIDAuthenticationToken) {
-			OpenIDAuthenticationToken response = (OpenIDAuthenticationToken) authentication;
-			OpenIDAuthenticationStatus status = response.getStatus();
-
-			// handle the various possibilities
-			if (status == OpenIDAuthenticationStatus.SUCCESS) {
-				// Lookup user details
-				UserDetails userDetails = this.userDetailsService.loadUserDetails(response);
-
-				return createSuccessfulAuthentication(userDetails, response);
-
-			}
-			else if (status == OpenIDAuthenticationStatus.CANCELLED) {
-				throw new AuthenticationCancelledException("Log in cancelled");
-			}
-			else if (status == OpenIDAuthenticationStatus.ERROR) {
-				throw new AuthenticationServiceException("Error message from server: " + response.getMessage());
-			}
-			else if (status == OpenIDAuthenticationStatus.FAILURE) {
-				throw new BadCredentialsException("Log in failed - identity could not be verified");
-			}
-			else if (status == OpenIDAuthenticationStatus.SETUP_NEEDED) {
-				throw new AuthenticationServiceException(
-						"The server responded setup was needed, which shouldn't happen");
-			}
-			else {
-				throw new AuthenticationServiceException("Unrecognized return value " + status.toString());
-			}
+		if (!(authentication instanceof OpenIDAuthenticationToken)) {
+			return null;
 		}
-
-		return null;
+		OpenIDAuthenticationToken response = (OpenIDAuthenticationToken) authentication;
+		OpenIDAuthenticationStatus status = response.getStatus();
+		// handle the various possibilities
+		if (status == OpenIDAuthenticationStatus.SUCCESS) {
+			// Lookup user details
+			UserDetails userDetails = this.userDetailsService.loadUserDetails(response);
+			return createSuccessfulAuthentication(userDetails, response);
+		}
+		if (status == OpenIDAuthenticationStatus.CANCELLED) {
+			throw new AuthenticationCancelledException("Log in cancelled");
+		}
+		if (status == OpenIDAuthenticationStatus.ERROR) {
+			throw new AuthenticationServiceException("Error message from server: " + response.getMessage());
+		}
+		if (status == OpenIDAuthenticationStatus.FAILURE) {
+			throw new BadCredentialsException("Log in failed - identity could not be verified");
+		}
+		if (status == OpenIDAuthenticationStatus.SETUP_NEEDED) {
+			throw new AuthenticationServiceException("The server responded setup was needed, which shouldn't happen");
+		}
+		throw new AuthenticationServiceException("Unrecognized return value " + status.toString());
 	}
 
 	/**
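Review bot: The final fall-through in `authenticate` calls `status.toString()`, so if `response.getStatus()` ever returns null, every `==` comparison above is skipped and the method throws a NullPointerException instead of an AuthenticationServiceException. The request still fails closed, but the error bypasses whatever handling callers have for AuthenticationException. Plain concatenation avoids this: `throw new AuthenticationServiceException("Unrecognized return value " + status);`. Separately, the `ERROR` branch copies `response.getMessage()` from the provider into the exception text, so it is worth confirming that message is never rendered to the user unescaped.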

+ 0 - 1
openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java

@@ -63,7 +63,6 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
 	 * Created by the <tt>OpenIDAuthenticationProvider</tt> on successful authentication.
 	 * @param principal usually the <tt>UserDetails</tt> returned by the configured
 	 * <tt>UserDetailsService</tt> used by the <tt>OpenIDAuthenticationProvider</tt>.
-	 *
 	 */
 	public OpenIDAuthenticationToken(Object principal, Collection<? extends GrantedAuthority> authorities,
 			String identityUrl, List<OpenIDAttribute> attributes) {

+ 0 - 1
openid/src/main/java/org/springframework/security/openid/RegexBasedAxFetchListFactory.java

@@ -57,7 +57,6 @@ public class RegexBasedAxFetchListFactory implements AxFetchListFactory {
 				return entry.getValue();
 			}
 		}
-
 		return Collections.emptyList();
 	}