plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SAMLTokenValidator.java [193:226]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                List<TrustedIssuer> trustedIssuers = config.getTrustedIssuers();
                for (TrustedIssuer ti : trustedIssuers) {
                    Pattern subjectConstraint = ti.getCompiledSubject();
                    List<Pattern> subjectConstraints = new ArrayList<>(1);
                    if (subjectConstraint != null) {
                        subjectConstraints.add(subjectConstraint);
                    }
                
                    if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.CHAIN_TRUST)) {
                        trustValidator.setSubjectConstraints(subjectConstraints);
                        trustValidator.setSignatureTrustType(TrustType.CHAIN_TRUST_CONSTRAINTS);
                    } else if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.PEER_TRUST)) {
                        trustValidator.setSignatureTrustType(TrustType.PEER_TRUST);
                    } else {
                        throw new IllegalStateException("Unsupported certificate validation method: "
                                                        + ti.getCertificateValidationMethod());
                    }
                    try {
                        for (TrustManager tm: config.getCertificateStores()) {
                            try {
                                requestData.setSigVerCrypto(tm.getCrypto());
                                trustValidator.validate(trustCredential, requestData);
                                trusted = true;
                                break;
                            } catch (Exception ex) {
                                LOG.debug("Issuer '{}' not validated in keystore '{}'",
                                          ti.getName(), tm.getName());
                            }
                        }
                        if (trusted) {
                            break;
                        }
                
                    } catch (Exception ex) {
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



plugins/core/src/main/java/org/apache/cxf/fediz/core/samlsso/SAMLProtocolResponseValidator.java [197:230]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        List<TrustedIssuer> trustedIssuers = config.getTrustedIssuers();
        for (TrustedIssuer ti : trustedIssuers) {
            Pattern subjectConstraint = ti.getCompiledSubject();
            List<Pattern> subjectConstraints = new ArrayList<>(1);
            if (subjectConstraint != null) {
                subjectConstraints.add(subjectConstraint);
            }

            if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.CHAIN_TRUST)) {
                trustValidator.setSubjectConstraints(subjectConstraints);
                trustValidator.setSignatureTrustType(TrustType.CHAIN_TRUST_CONSTRAINTS);
            } else if (ti.getCertificateValidationMethod().equals(CertificateValidationMethod.PEER_TRUST)) {
                trustValidator.setSignatureTrustType(TrustType.PEER_TRUST);
            } else {
                throw new IllegalStateException("Unsupported certificate validation method: "
                                                + ti.getCertificateValidationMethod());
            }
            try {
                for (TrustManager tm: config.getCertificateStores()) {
                    try {
                        requestData.setSigVerCrypto(tm.getCrypto());
                        trustValidator.validate(trustCredential, requestData);
                        trusted = true;
                        break;
                    } catch (Exception ex) {
                        LOG.debug("Issuer '{}' not validated in keystore '{}'",
                                  ti.getName(), tm.getName());
                    }
                }
                if (trusted) {
                    break;
                }

            } catch (Exception ex) {
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -