String browserIdAssertion = request.getParameter(getAssertionParameterName());
// String assertionAudience = request.getParameter(getAudienceParameterName());
if(browserIdAssertion != null) {
BrowserIdVerifier verifier = new BrowserIdVerifier(getVerificationServiceUrl());
BrowserIdResponse response = null;
String audience = request.getRequestURL().toString();
try {
URL url = new URL(audience);
audience = url.getHost();
} catch (MalformedURLException e) {
throw new BrowserIdAuthenticationException("Malformed request URL", e);
}
// Assert.hasLength("Unable to determine hostname",audience);
// if(!StringUtils.equals(audience, assertionAudience)){
// logger.error("Server and client-side audience don't match");
// }
try {
response = verifier.verify(browserIdAssertion, audience);
} catch (HttpException e) {
throw new BrowserIdAuthenticationException("Error calling verify service [" + verifier.getVerifyUrl() + "]", e);
} catch (IOException e) {
throw new BrowserIdAuthenticationException("Error calling verify service [" + verifier.getVerifyUrl() + "]", e);
} catch (JSONException e){
throw new BrowserIdAuthenticationException("Could not parse response from verify service [" + verifier.getVerifyUrl() + "]", e);
}
if(response != null){
if(response.getStatus() == BrowserIdResponse.Status.OK){
BrowserIdAuthenticationToken token = new BrowserIdAuthenticationToken(response, browserIdAssertion);