diff --git a/lib/SimpleSAML/Auth/TimeLimitedToken.php b/lib/SimpleSAML/Auth/TimeLimitedToken.php
index 3c991ce946c1a6b6391f0d5d599733f6b40fb4a0..2c48723f8a2ad649396729325623b2fe8b9717b6 100644
--- a/lib/SimpleSAML/Auth/TimeLimitedToken.php
+++ b/lib/SimpleSAML/Auth/TimeLimitedToken.php
@@ -14,7 +14,7 @@ class SimpleSAML_Auth_TimeLimitedToken {
*/
public function __construct( $lifetime = 900, $secretSalt = NULL, $skew = 1) {
if ($secretSalt === NULL) {
- $secretSalt = SimpleSAML_Utilities::getSecretSalt();
+ $secretSalt = SimpleSAML_Utils_Config::getSecretSalt();
}
$this->secretSalt = $secretSalt;
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index f130b24f819a8ca84a18534db1867f3ca45b649f..e5f814adea0bc265b35c77e343d91324bd25ce6a 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -1161,27 +1161,10 @@ class SimpleSAML_Utilities {
/**
- * Retrieve secret salt.
- *
- * This function retrieves the value which is configured as the secret salt. It will
- * check that the value exists and is set to a non-default value. If it isn't, an
- * exception will be thrown.
- *
- * The secret salt can be used as a component in hash functions, to make it difficult to
- * test all possible values in order to retrieve the original value. It can also be used
- * as a simple method for signing data, by hashing the data together with the salt.
- *
- * @return string The secret salt.
+ * @deprecated This function will be removed in SSP 2.0. Please use SimpleSAML_Utils_Config::getSecretSalt() instead.
*/
public static function getSecretSalt() {
-
- $secretSalt = SimpleSAML_Configuration::getInstance()->getString('secretsalt');
- if ($secretSalt === 'defaultsecretsalt') {
- throw new Exception('The "secretsalt" configuration option must be set to a secret' .
- ' value.');
- }
-
- return $secretSalt;
+ return SimpleSAML_Utils_Config::getSecretSalt();
}
diff --git a/lib/SimpleSAML/Utils/Config.php b/lib/SimpleSAML/Utils/Config.php
new file mode 100644
index 0000000000000000000000000000000000000000..43ade2aa672a63fe598f2089798fb557e3e2781f
--- /dev/null
+++ b/lib/SimpleSAML/Utils/Config.php
@@ -0,0 +1,36 @@
+<?php
+
+
+/**
+ * Utility class for SimpleSAMLphp configuration management and manipulation.
+ *
+ * @package SimpleSAMLphp
+ */
+class SimpleSAML_Utils_Config
+{
+
+ /**
+ * Retrieve the secret salt.
+ *
+ * This function retrieves the value which is configured as the secret salt. It will check that the value exists
+ * and is set to a non-default value. If it isn't, an exception will be thrown.
+ *
+ * The secret salt can be used as a component in hash functions, to make it difficult to test all possible values
+ * in order to retrieve the original value. It can also be used as a simple method for signing data, by hashing the
+ * data together with the salt.
+ *
+ * @return string The secret salt.
+ *
+ * @throws SimpleSAML_Error_Exception If the secret salt hasn't been configured.
+ * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
+ */
+ public static function getSecretSalt()
+ {
+ $secretSalt = SimpleSAML_Configuration::getInstance()->getString('secretsalt');
+ if ($secretSalt === 'defaultsecretsalt') {
+ throw new SimpleSAML_Error_Exception('The "secretsalt" configuration option must be set to a secret value.');
+ }
+
+ return $secretSalt;
+ }
+}
\ No newline at end of file
diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php
index c3090e18bc815f0bbae9f5ac21427691b70d3042..d7eee79abdd844846743153df41e02d39eea577f 100644
--- a/lib/SimpleSAML/Utils/Crypto.php
+++ b/lib/SimpleSAML/Utils/Crypto.php
@@ -34,7 +34,7 @@ class SimpleSAML_Utils_Crypto
$ivSize = mcrypt_get_iv_size($enc, $mode);
$keySize = mcrypt_get_key_size($enc, $mode);
- $key = hash('sha256', SimpleSAML_Utilities::getSecretSalt(), true);
+ $key = hash('sha256', SimpleSAML_Utils_Config::getSecretSalt(), true);
$key = substr($key, 0, $keySize);
$iv = substr($ciphertext, 0, $ivSize);
@@ -75,7 +75,7 @@ class SimpleSAML_Utils_Crypto
$ivSize = mcrypt_get_iv_size($enc, $mode);
$keySize = mcrypt_get_key_size($enc, $mode);
- $key = hash('sha256', SimpleSAML_Utilities::getSecretSalt(), true);
+ $key = hash('sha256', SimpleSAML_Utils_Config::getSecretSalt(), true);
$key = substr($key, 0, $keySize);
$len = strlen($data);
diff --git a/modules/consent/lib/Auth/Process/Consent.php b/modules/consent/lib/Auth/Process/Consent.php
index 0cc8950733403a4808208c6a8f64a3cd3bb50157..87c954d525778624ff84412e060196e95f614f13 100644
--- a/modules/consent/lib/Auth/Process/Consent.php
+++ b/modules/consent/lib/Auth/Process/Consent.php
@@ -290,7 +290,7 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt
*/
public static function getHashedUserID($userid, $source)
{
- return hash('sha1', $userid . '|' . SimpleSAML_Utilities::getSecretSalt() . '|' . $source);
+ return hash('sha1', $userid . '|' . SimpleSAML_Utils_Config::getSecretSalt() . '|' . $source);
}
/**
@@ -304,7 +304,7 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt
*/
public static function getTargetedID($userid, $source, $destination)
{
- return hash('sha1', $userid . '|' . SimpleSAML_Utilities::getSecretSalt() . '|' . $source . '|' . $destination);
+ return hash('sha1', $userid . '|' . SimpleSAML_Utils_Config::getSecretSalt() . '|' . $source . '|' . $destination);
}
/**
diff --git a/modules/consent/lib/Consent/Store/Cookie.php b/modules/consent/lib/Consent/Store/Cookie.php
index 265d36cf7391261675cf5667d6f286f6697a85c6..81ce16fbd1ed4a6ef7341a72da38a14894d22e9b 100644
--- a/modules/consent/lib/Consent/Store/Cookie.php
+++ b/modules/consent/lib/Consent/Store/Cookie.php
@@ -199,7 +199,7 @@ class sspmod_consent_Consent_Store_Cookie extends sspmod_consent_Store
{
assert('is_string($data)');
- $secretSalt = SimpleSAML_Utilities::getSecretSalt();
+ $secretSalt = SimpleSAML_Utils_Config::getSecretSalt();
return sha1($secretSalt . $data . $secretSalt) . ':' . $data;
}
diff --git a/modules/core/lib/Auth/Process/TargetedID.php b/modules/core/lib/Auth/Process/TargetedID.php
index aafdd23641fe0d5fb17aeb1b63e29160369f37a8..4cc86ff539a3f818e266f38744d5239892af6130 100644
--- a/modules/core/lib/Auth/Process/TargetedID.php
+++ b/modules/core/lib/Auth/Process/TargetedID.php
@@ -100,7 +100,7 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt
}
- $secretSalt = SimpleSAML_Utilities::getSecretSalt();
+ $secretSalt = SimpleSAML_Utils_Config::getSecretSalt();
if (array_key_exists('Source', $state)) {
$srcID = self::getEntityId($state['Source']);
diff --git a/modules/saml/lib/Auth/Process/PersistentNameID.php b/modules/saml/lib/Auth/Process/PersistentNameID.php
index 511675576af0a65fc1ec32630227ec2bc6138950..3f0f478f343181d345ee1448ba201302b43eaeae 100644
--- a/modules/saml/lib/Auth/Process/PersistentNameID.php
+++ b/modules/saml/lib/Auth/Process/PersistentNameID.php
@@ -64,7 +64,7 @@ class sspmod_saml_Auth_Process_PersistentNameID extends sspmod_saml_BaseNameIDGe
$uid = array_values($state['Attributes'][$this->attribute]); /* Just in case the first index is no longer 0. */
$uid = $uid[0];
- $secretSalt = SimpleSAML_Utilities::getSecretSalt();
+ $secretSalt = SimpleSAML_Utils_Config::getSecretSalt();
$uidData = 'uidhashbase' . $secretSalt;
$uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index 934a140636d094cb4d6091564ab98aad6a61092a..82b7e90aa2c79a63fd375c4b0c6a76528813aa5c 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -628,7 +628,7 @@ class sspmod_saml_IdP_SAML2 {
$idpEntityId = $idpMetadata->getString('entityid');
$spEntityId = $spMetadata->getString('entityid');
- $secretSalt = SimpleSAML_Utilities::getSecretSalt();
+ $secretSalt = SimpleSAML_Utils_Config::getSecretSalt();
$uidData = 'uidhashbase' . $secretSalt;
$uidData .= strlen($idpEntityId) . ':' . $idpEntityId;