// If a wsse:KeyIdentifier is found, the public key of the attached certificate was used
// to encrypt the session (symmetric) key that encrypts the data. Extract the certificate
// using the BinarySecurity token (which was enhanced to handle KeyIdentifier too).
// This reference mechanism is _not_ recommended by the OASIS WS-Security specification, X.509 profile.
//
else if (secRef.containsKeyIdentifier()) {
if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())
|| WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())) {
AssertionWrapper assertion =
SAMLUtil.getAssertionFromKeyIdentifier(
secRef, strElement, data, wsDocInfo