Fix NPE if no claims are requested for the userinfo object

This happens if clients only requests id_token claims, or just send an empty claims parameter. Change-Id: I8bd176ad271bda8a1e2f26b6221bd8e2d0a3ebfb

Author: leonard84

openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java

@@ -148,18 +148,8 @@ private JsonObject toJsonFromRequestObj(UserInfo ui, Set<String> scope, JsonObje
 Set<String> authorizedByClaims = new HashSet<>();
 Set<String> requestedByClaims = new HashSet<>();
 
-if (authorizedClaims != null) {
-JsonObject userinfoAuthorized = authorizedClaims.getAsJsonObject().get("userinfo").getAsJsonObject();
-for (Entry<String, JsonElement> entry : userinfoAuthorized.getAsJsonObject().entrySet()) {
-authorizedByClaims.add(entry.getKey());
-}
-}
-if (requestedClaims != null) {
-JsonObject userinfoRequested = requestedClaims.getAsJsonObject().get("userinfo").getAsJsonObject();
-for (Entry<String, JsonElement> entry : userinfoRequested.getAsJsonObject().entrySet()) {
-requestedByClaims.add(entry.getKey());
-}
-}
+extractUserInfoClaimsIntoSet(authorizedClaims, authorizedByClaims);
+extractUserInfoClaimsIntoSet(requestedClaims, requestedByClaims);
 
 // Filter claims by performing a manual intersection of claims that are allowed by the given scope, requested, and authorized.
 // We cannot use Sets.intersection() or similar because Entry<> objects will evaluate to being unequal if their values are
@@ -180,4 +170,15 @@ private JsonObject toJsonFromRequestObj(UserInfo ui, Set<String> scope, JsonObje
 
 return result;
 }
+
+private void extractUserInfoClaimsIntoSet(JsonObject claims, Set<String> target) {
+if (claims != null) {
+JsonObject userinfoAuthorized = claims.getAsJsonObject("userinfo");
+if (userinfoAuthorized != null) {
+for (Entry<String, JsonElement> entry : userinfoAuthorized.entrySet()) {
+target.add(entry.getKey());
+}
+}
+}
+}
 }