From 863e1528d5c77875c4e4f9cc6c9555e35c21ab85 Mon Sep 17 00:00:00 2001
From: Scott Cantor <cantor.2@osu.edu>
Date: Sat, 6 Oct 2012 00:10:25 +0000
Subject: [PATCH] https://issues.shibboleth.net/jira/browse/CPPXT-91

---
 xmltooling/security/impl/InlineKeyResolver.cpp | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/xmltooling/security/impl/InlineKeyResolver.cpp b/xmltooling/security/impl/InlineKeyResolver.cpp
index 0246cb8..4e32025 100644
--- a/xmltooling/security/impl/InlineKeyResolver.cpp
+++ b/xmltooling/security/impl/InlineKeyResolver.cpp
@@ -115,6 +115,11 @@ namespace xmltooling {
         void resolve(const KeyInfo* keyInfo, int types=0, bool followRefs=false);
         void resolve(DSIGKeyInfoList* keyInfo, int types=0, bool followRefs=false);
 
+        bool isEmpty() const {
+            return (!m_key && m_xseccerts.empty() && m_crls.empty() &&
+                m_keyNames.empty() && m_serial.empty() && m_issuerName.empty());
+        }
+
     private:
         bool resolveCerts(const KeyInfo* keyInfo, bool followRefs=false);
         bool resolveKey(const KeyInfo* keyInfo, bool followRefs=false);
@@ -141,7 +146,7 @@ namespace xmltooling {
                 types = Credential::RESOLVE_KEYS|X509Credential::RESOLVE_CERTS|X509Credential::RESOLVE_CRLS;
             auto_ptr<InlineCredential> credential(new InlineCredential(keyInfo));
             credential->resolve(keyInfo, types, m_followRefs);
-            return credential.release();
+            return credential->isEmpty() ? nullptr : credential.release();
         }
         Credential* resolve(DSIGKeyInfoList* keyInfo, int types=0) const {
             if (!keyInfo)
@@ -150,7 +155,7 @@ namespace xmltooling {
                 types = Credential::RESOLVE_KEYS|X509Credential::RESOLVE_CERTS|X509Credential::RESOLVE_CRLS;
             auto_ptr<InlineCredential> credential(new InlineCredential(keyInfo));
             credential->resolve(keyInfo, types, m_followRefs);
-            return credential.release();
+            return credential->isEmpty() ? nullptr : credential.release();
         }
         Credential* resolve(KeyInfoCredentialContext* context, int types=0) const {
             if (!context)
@@ -162,7 +167,9 @@ namespace xmltooling {
                 credential->resolve(context->getKeyInfo(), types, m_followRefs);
             else if (context->getNativeKeyInfo())
                 credential->resolve(context->getNativeKeyInfo(), types, m_followRefs);
-            credential->setCredentialContext(context);
+            if (credential->isEmpty())
+                return nullptr;
+            credential->setCredentialContext(context);  // transfers ownership to credential
             return credential.release();
         }
 
-- 
2.1.4