b2cc4b22eb064e6a0b242646cb50772f8edc55d2,rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java,AbstractXmlSigInHandler,checkSignature,#Message#,64
Before Change
}
// validate trust
new TrustValidator().validateTrust(crypto, cert, keyInfo.getPublicKey());
if (valid && persistSignature) {
message.setContent(XMLSignature.class, signature);
After Change
// See also WSS4J SAMLUtil.getCredentialFromKeyInfo
KeyInfo keyInfo = signature.getKeyInfo();
if (keyInfo != null) {
cert = keyInfo.getX509Certificate();
if (cert != null) {
valid = signature.checkSignatureValue(cert);
} else {
publicKey = keyInfo.getPublicKey();
if (publicKey != null) {
valid = signature.checkSignatureValue(publicKey);
}