try {
data.setSigVerCrypto(new CryptoLoader().getCrypto(message,
SecurityConstants.SIGNATURE_CRYPTO,
SecurityConstants.SIGNATURE_PROPERTIES));
} catch (IOException ex) {
throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
data.setEnableRevocation(MessageUtils.isTrue(
message.getContextualProperty(WSHandlerConstants.ENABLE_REVOCATION)));
Signature sig = assertion.getSignature();
KeyInfo keyInfo = sig.getKeyInfo();
SAMLKeyInfo samlKeyInfo =
SAMLUtil.getCredentialDirectlyFromKeyInfo(
keyInfo.getDOM(), data.getSigVerCrypto()
);
assertion.verifySignature(samlKeyInfo);
} else if (getTLSCertificates(message) == null) {
throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
}
if (samlValidator != null) {
Credential credential = new Credential();
credential.setSamlAssertion(assertion);
samlValidator.validate(credential, data);
}
samlOAuthValidator.validate(message, assertion);
} catch (Exception ex) {
throw new OAuthServiceException(OAuthConstants.INVALID_GRANT, ex);
}
}