Standardize and expand unit tests

[Avery-Dunn]

This PR systematically expands unit test coverage across the core classes identified as having significant gaps in a JaCoCo coverage analysis report.

Several pre-existing bugs were discovered and documented during testing. The tests themselves are intentionally written to document current behavior (including bugs), not to mask or fix them, and these will be handled in a separate PR.

Test Results

Metric	Before	After	Change
Total unit tests	342	522	+180 (both single-config and parameterized test methods)
Line coverage	69.0%	76.2%	+7.2%
Branch coverage	55.9%	63.0%	+7.1%

Changes

This PR focuses on a few "groups" of classes, each of which has similar behavior and test scenarios, as well as some core classes where most successful token flows end (and thus provide a common area to verify behavior in earlier parts of test's flow)

Group 1: Application Classes (ApplicationBuilderTest.java — 53 new tests)

Tests for PublicClientApplication, ConfidentialClientApplication, ManagedIdentityApplication, and their builders.

Class	Line Coverage	Branch Coverage
PublicClientApplication	31.9% → 58.5%	31.8% → 54.5%
PCA.Builder	66.7% → 100%	—
CCA.Builder	53.8% → 100%	0% → 100%
ManagedIdentityApplication	93.3% → 100%	—
MIA.Builder	88.9% → 100%	—
AbstractClientApplicationBase.Builder	73.5% → 89.7%	—

Covers: authority types (AAD, B2C, ADFS, CIAM, OIDC), builder option propagation, null validation, broker integration, instance discovery settings.

Group 2: Parameters Classes (ParameterBuilderTest.java — 60 new tests, AuthorizationRequestUrlParametersTest.java — 6 new tests)

Tests for all 14 parameter builder classes (ClientCredentialParameters, SilentParameters, OnBehalfOfParameters, InteractiveRequestParameters, etc.).

Class	Line Coverage
DeviceCodeFlowParameters	68.4% → 100%
IntegratedWindowsAuthenticationParameters	0% → 100%
AppTokenProviderParameters	0% → 100%
PopParameters	61.5% → 100% (branch: 50% → 100%)
InteractiveRequestParameters	71.1% → 94.7%
AuthorizationRequestUrlParameters	73.5% → 88.2%

Bugs discovered:

• DeviceCodeFlowParameters.Builder.deviceCodeConsumer() validates scopes instead of deviceCodeConsumer (copy-paste bug)
• RefreshTokenParameters.Builder.refreshToken() validates scopes instead of
  efreshToken (copy-paste bug)

Group 3: Supplier Classes (AppTokenProviderTest.java — 14 new tests)

Tests for AcquireTokenByAppProviderSupplier and the app token provider branch of AcquireTokenByClientCredentialSupplier.

Class	Line Coverage	Branch Coverage
AcquireTokenByAppProviderSupplier	0% → 92.1%	0% → 100%
AcquireTokenByClientCredentialSupplier	75% → 98.1%	60% → 80%
TokenProviderResult	0% → 100%	—
AppTokenProviderParameters	0% → 100%	—

Covers: valid/invalid provider results, parameter propagation, cache bypass behavior, refresh-in auto-calculation, exception wrapping.

Group 4: Request Classes (3 new tests in ApplicationBuilderTest.java)

Tests for InteractiveRequest.validateRedirectUrl() — the only directly testable validation logic in request classes. Other request classes are thin internal DTOs tested indirectly through flow tests.

Class	Line Coverage	Branch Coverage
InteractiveRequest	24.5% → 35.8%	40% → 60%

Note: Only rejection tests (invalid schemes, non-loopback hosts) were added. Valid redirect URI tests were intentionally excluded because InteractiveRequest launches a real browser when validation passes, and actual browser interaction is handled by integration tests.

Token Cache (CacheTest.java — 11 new tests)

Class	Line Coverage	Branch Coverage
TokenCache	92.4% → 96.2%	68.1% → 76.6%
CacheAspect	0% → 100%	0% → 100%

Covers: serialization round-trips, account removal, cache merge, CacheAspect lifecycle callbacks, FOCI/family RT selection,
efreshOn propagation.

AuthenticationResult (AuthenticationResultTest.java — 35 new tests)

Class	Line Coverage	Branch Coverage
AuthenticationResult	46.9% → 97.5%	8.6% → 81.4%
AuthenticationResultMetadata	81.2% → 100%	50% → 100%

Bug discovered (HIGH severity):

• Field initialization order bug causes idTokenObject, �ccount, and enantProfile derived fields to always be
  ull when set via the builder, because field initializers execute before the constructor body in Java
• Latent NPE in getTenantProfile() when idToken is set but �ccountCacheEntity is null (currently masked by the init order bug)
• �quals()/hashCode() comparisons for idTokenObject, �ccount, and enantProfile are effectively no-ops due to the above

Test Infrastructure & Maintainability Improvements

Shared Helpers (TestHelper.java)

Added centralized test infrastructure to reduce duplication across test files:

• Constants: TEST_CLIENT_ID, TEST_SECRET, TEST_AUTHORITY, TEST_SCOPE, TEST_SCOPE_SET
• Builder helpers: �uildCca(IHttpClient), �uildCca(IClientCredential, IHttpClient), �uildCcaWithAppTokenProvider(Function), �uildPca()
• Mock helpers: mockSuccessfulTokenResponse(IHttpClient), mockSuccessfulTokenResponse(IHttpClient, HashMap) — replaces the common 3-line mock setup pattern

Code Quality Fixes in Existing Tests

• Fixed 5 reversed �ssertEquals(actual, expected) calls in CacheFormatTest
• Moved duplicate getEmptyBase64EncodedJson()/getJWTHeaderBase64EncodedJson() to TestHelper
• Removed unnecessary @testinstance(PER_CLASS) from AcquireTokenSilentlyTest, FmiTest, AccountTest, AuthorizationRequestUrlParametersTest
• Removed duplicate
  eadResource() from AccountTest (delegated to TestHelper)
• Fixed misleading comment in ClientCredentialTest
• Parameterized validation tests in AppTokenProviderTest using @ParameterizedTest + @MethodSource
• Fixed "expires_0n" typo in TestHelper.getSuccessfulTokenResponse() (latent bug)