From 07c6d83450fde708c21c811ef9a8dd2225b0202f Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Thu, 16 Apr 2015 16:36:54 +0200
Subject: [PATCH] Move SimpleSAML_Utilities::getSecretSalt() to
SimpleSAML_Utils_Config::getSecretSalt(). Deprecate the former and stop using
it.
---
lib/SimpleSAML/Auth/TimeLimitedToken.php | 2 +-
lib/SimpleSAML/Utilities.php | 21 ++---------
lib/SimpleSAML/Utils/Config.php | 36 +++++++++++++++++++
lib/SimpleSAML/Utils/Crypto.php | 4 +--
modules/consent/lib/Auth/Process/Consent.php | 4 +--
modules/consent/lib/Consent/Store/Cookie.php | 2 +-
modules/core/lib/Auth/Process/TargetedID.php | 2 +-
.../lib/Auth/Process/PersistentNameID.php | 2 +-
modules/saml/lib/IdP/SAML2.php | 2 +-
9 files changed, 47 insertions(+), 28 deletions(-)
create mode 100644 lib/SimpleSAML/Utils/Config.php
diff --git a/lib/SimpleSAML/Auth/TimeLimitedToken.php b/lib/SimpleSAML/Auth/TimeLimitedToken.php
index 3c991ce94..2c48723f8 100644
--- a/lib/SimpleSAML/Auth/TimeLimitedToken.php
+++ b/lib/SimpleSAML/Auth/TimeLimitedToken.php
@@ -14,7 +14,7 @@ class SimpleSAML_Auth_TimeLimitedToken {
*/
public function __construct( $lifetime = 900, $secretSalt = NULL, $skew = 1) {
if ($secretSalt === NULL) {
- $secretSalt = SimpleSAML_Utilities::getSecretSalt();
+ $secretSalt = SimpleSAML_Utils_Config::getSecretSalt();
}
$this->secretSalt = $secretSalt;
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index f130b24f8..e5f814ade 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -1161,27 +1161,10 @@ class SimpleSAML_Utilities {
/**
- * Retrieve secret salt.
- *
- * This function retrieves the value which is configured as the secret salt. It will
- * check that the value exists and is set to a non-default value. If it isn't, an
- * exception will be thrown.
- *
- * The secret salt can be used as a component in hash functions, to make it difficult to
- * test all possible values in order to retrieve the original value. It can also be used
- * as a simple method for signing data, by hashing the data together with the salt.
- *
- * @return string The secret salt.
+ * @deprecated This function will be removed in SSP 2.0. Please use SimpleSAML_Utils_Config::getSecretSalt() instead.
*/
public static function getSecretSalt() {
-
- $secretSalt = SimpleSAML_Configuration::getInstance()->getString('secretsalt');
- if ($secretSalt === 'defaultsecretsalt') {
- throw new Exception('The "secretsalt" configuration option must be set to a secret' .
- ' value.');
- }
-
- return $secretSalt;
+ return SimpleSAML_Utils_Config::getSecretSalt();
}
diff --git a/lib/SimpleSAML/Utils/Config.php b/lib/SimpleSAML/Utils/Config.php
new file mode 100644
index 000000000..43ade2aa6
--- /dev/null
+++ b/lib/SimpleSAML/Utils/Config.php
@@ -0,0 +1,36 @@
+<?php
+
+
+/**
+ * Utility class for SimpleSAMLphp configuration management and manipulation.
+ *
+ * @package SimpleSAMLphp
+ */
+class SimpleSAML_Utils_Config
+{
+
+ /**
+ * Retrieve the secret salt.
+ *
+ * This function retrieves the value which is configured as the secret salt. It will check that the value exists
+ * and is set to a non-default value. If it isn't, an exception will be thrown.
+ *
+ * The secret salt can be used as a component in hash functions, to make it difficult to test all possible values
+ * in order to retrieve the original value. It can also be used as a simple method for signing data, by hashing the
+ * data together with the salt.
+ *
+ * @return string The secret salt.
+ *
+ * @throws SimpleSAML_Error_Exception If the secret salt hasn't been configured.
+ * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
+ */
+ public static function getSecretSalt()
+ {
+ $secretSalt = SimpleSAML_Configuration::getInstance()->getString('secretsalt');
+ if ($secretSalt === 'defaultsecretsalt') {
+ throw new SimpleSAML_Error_Exception('The "secretsalt" configuration option must be set to a secret value.');
+ }
+
+ return $secretSalt;
+ }
+}
\ No newline at end of file
diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php
index c3090e18b..d7eee79ab 100644
--- a/lib/SimpleSAML/Utils/Crypto.php
+++ b/lib/SimpleSAML/Utils/Crypto.php
@@ -34,7 +34,7 @@ class SimpleSAML_Utils_Crypto
$ivSize = mcrypt_get_iv_size($enc, $mode);
$keySize = mcrypt_get_key_size($enc, $mode);
- $key = hash('sha256', SimpleSAML_Utilities::getSecretSalt(), true);
+ $key = hash('sha256', SimpleSAML_Utils_Config::getSecretSalt(), true);
$key = substr($key, 0, $keySize);
$iv = substr($ciphertext, 0, $ivSize);
@@ -75,7 +75,7 @@ class SimpleSAML_Utils_Crypto
$ivSize = mcrypt_get_iv_size($enc, $mode);
$keySize = mcrypt_get_key_size($enc, $mode);
- $key = hash('sha256', SimpleSAML_Utilities::getSecretSalt(), true);
+ $key = hash('sha256', SimpleSAML_Utils_Config::getSecretSalt(), true);
$key = substr($key, 0, $keySize);
$len = strlen($data);
diff --git a/modules/consent/lib/Auth/Process/Consent.php b/modules/consent/lib/Auth/Process/Consent.php
index 0cc895073..87c954d52 100644
--- a/modules/consent/lib/Auth/Process/Consent.php
+++ b/modules/consent/lib/Auth/Process/Consent.php
@@ -290,7 +290,7 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt
*/
public static function getHashedUserID($userid, $source)
{
- return hash('sha1', $userid . '|' . SimpleSAML_Utilities::getSecretSalt() . '|' . $source);
+ return hash('sha1', $userid . '|' . SimpleSAML_Utils_Config::getSecretSalt() . '|' . $source);
}
/**
@@ -304,7 +304,7 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt
*/
public static function getTargetedID($userid, $source, $destination)
{
- return hash('sha1', $userid . '|' . SimpleSAML_Utilities::getSecretSalt() . '|' . $source . '|' . $destination);
+ return hash('sha1', $userid . '|' . SimpleSAML_Utils_Config::getSecretSalt() . '|' . $source . '|' . $destination);
}
/**
diff --git a/modules/consent/lib/Consent/Store/Cookie.php b/modules/consent/lib/Consent/Store/Cookie.php
index 265d36cf7..81ce16fbd 100644
--- a/modules/consent/lib/Consent/Store/Cookie.php
+++ b/modules/consent/lib/Consent/Store/Cookie.php
@@ -199,7 +199,7 @@ class sspmod_consent_Consent_Store_Cookie extends sspmod_consent_Store
{
assert('is_string($data)');
- $secretSalt = SimpleSAML_Utilities::getSecretSalt();
+ $secretSalt = SimpleSAML_Utils_Config::getSecretSalt();
return sha1($secretSalt . $data . $secretSalt) . ':' . $data;
}
diff --git a/modules/core/lib/Auth/Process/TargetedID.php b/modules/core/lib/Auth/Process/TargetedID.php
index aafdd2364..4cc86ff53 100644
--- a/modules/core/lib/Auth/Process/TargetedID.php
+++ b/modules/core/lib/Auth/Process/TargetedID.php
@@ -100,7 +100,7 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt
}
- $secretSalt = SimpleSAML_Utilities::getSecretSalt();
+ $secretSalt = SimpleSAML_Utils_Config::getSecretSalt();
if (array_key_exists('Source', $state)) {
$srcID = self::getEntityId($state['Source']);
diff --git a/modules/saml/lib/Auth/Process/PersistentNameID.php b/modules/saml/lib/Auth/Process/PersistentNameID.php
index 511675576..3f0f478f3 100644
--- a/modules/saml/lib/Auth/Process/PersistentNameID.php
+++ b/modules/saml/lib/Auth/Process/PersistentNameID.php
@@ -64,7 +64,7 @@ class sspmod_saml_Auth_Process_PersistentNameID extends sspmod_saml_BaseNameIDGe
$uid = array_values($state['Attributes'][$this->attribute]); /* Just in case the first index is no longer 0. */
$uid = $uid[0];
- $secretSalt = SimpleSAML_Utilities::getSecretSalt();
+ $secretSalt = SimpleSAML_Utils_Config::getSecretSalt();
$uidData = 'uidhashbase' . $secretSalt;
$uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index 934a14063..82b7e90aa 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -628,7 +628,7 @@ class sspmod_saml_IdP_SAML2 {
$idpEntityId = $idpMetadata->getString('entityid');
$spEntityId = $spMetadata->getString('entityid');
- $secretSalt = SimpleSAML_Utilities::getSecretSalt();
+ $secretSalt = SimpleSAML_Utils_Config::getSecretSalt();
$uidData = 'uidhashbase' . $secretSalt;
$uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
--
GitLab