From 34ee352bce61a2f09a47351dd3d477464bfddb6e Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 25 Aug 2008 11:42:14 +0000
Subject: [PATCH] Utilities: add method to retrieve the secret salt.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@828 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Utilities.php                 | 35 +++++++++++++++-----
 modules/core/lib/Auth/Process/TargetedID.php |  6 +---
 2 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index 460abe4c5..b8fb39cf9 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -974,15 +974,7 @@ class SimpleSAML_Utilities {
 		}
 
 
-		$secretSalt = SimpleSAML_Configuration::getInstance()->getValue('secretsalt');
-		if(empty($secretSalt)) {
-			throw new Exception('The "secretsalt" configuration option must be set before user' .
-			                    ' ids can be generated.');
-		}
-		if($secretSalt === 'defaultsecretsalt') {
-			throw new Exception('The "secretsalt" configuration option must be set to a secret' .
-			                    ' value.');
-		}
+		$secretSalt = self::getSecretSalt();
 
 		$uidData = 'uidhashbase' . $secretSalt;
 		$uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
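Review bot: The `empty($secretSalt)` guard removed in this hunk has no counterpart in the new `getSecretSalt()` added later in this file, which rejects only the literal `'defaultsecretsalt'`. If `getString()` accepts an empty string (its implementation is not visible here), a blank `secretsalt` would now reach `'uidhashbase' . $secretSalt`, and the generated ids would no longer depend on any secret. I would keep the old behaviour inside the helper by widening its check to `if ($secretSalt === '' || $secretSalt === 'defaultsecretsalt') {`. The enclosing function starts and ends outside this hunk.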
@@ -1250,6 +1242,31 @@ class SimpleSAML_Utilities {
 		return $newAttrs;
 	}
 
+
+	/**
+	 * Retrieve secret salt.
+	 *
+	 * This function retrieves the value which is configured as the secret salt. It will
+	 * check that the value exists and is set to a non-default value. If it isn't, an
+	 * exception will be thrown.
+	 *
+	 * The secret salt can be used as a component in hash functions, to make it difficult to
+	 * test all possible values in order to retrieve the original value. It can also be used
+	 * as a simple method for signing data, by hashing the data together with the salt.
+	 *
+	 * @return string  The secret salt.
+	 */
+	public static function getSecretSalt() {
+
+		$secretSalt = SimpleSAML_Configuration::getInstance()->getString('secretsalt');
+		if ($secretSalt === 'defaultsecretsalt') {
+			throw new Exception('The "secretsalt" configuration option must be set to a secret' .
+			                    ' value.');
+		}
+
+		return $secretSalt;
+	}
+
 }
 
 ?>
\ No newline at end of file
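Review bot: The docblock on `getSecretSalt()` recommends signing data "by hashing the data together with the salt", and that advice should be tightened. A plain hash over concatenated data and secret is not a keyed MAC and, depending on the hash function and concatenation order, can give weaker integrity guarantees than callers expect. I would reword that sentence to point at a keyed construction, for example `* as the key for signing data with an HMAC, e.g. hash_hmac('sha256', $data, $secretSalt).` The docblock also describes an exception without declaring it, so add `* @throws Exception  If the secret salt is missing or still set to the default value.`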
diff --git a/modules/core/lib/Auth/Process/TargetedID.php b/modules/core/lib/Auth/Process/TargetedID.php
index add19f240..3044f71df 100644
--- a/modules/core/lib/Auth/Process/TargetedID.php
+++ b/modules/core/lib/Auth/Process/TargetedID.php
@@ -86,11 +86,7 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt
 		}
 
 
-		$secretSalt = SimpleSAML_Configuration::getInstance()->getString('secretsalt');
-		if ($secretSalt === 'defaultsecretsalt') {
-			throw new Exception('The "secretsalt" configuration option must be set to a secret' .
-			                    ' value.');
-		}
+		$secretSalt = SimpleSAML_Utilities::getSecretSalt();
 
 		if (array_key_exists('Source', $state)) {
 			$srcID = self::getEntityId($state['Source']);
-- 
GitLab