diff --git a/lib/SimpleSAML/Auth/State.php b/lib/SimpleSAML/Auth/State.php
index 4684f5d8fc8af222254716a3f753e18754eaa5c1..88d8f8589a189f013e04a36bf35a20ec8fc17e6d 100644
--- a/lib/SimpleSAML/Auth/State.php
+++ b/lib/SimpleSAML/Auth/State.php
@@ -105,7 +105,7 @@ class SimpleSAML_Auth_State { assert('is_bool($rawId)'); if (!array_key_exists(self::ID, $state)) {
- $state[self::ID] = SimpleSAML_Utilities::generateID();
+ $state[self::ID] = SimpleSAML_Utils_Random::generateID();
 } $id = $state[self::ID];
diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
index 3e8f7d3923735f70e47ed0dbf18c128b0ce33805..d2118512c94ba8d8ddf98c952dd3cfaf0743b600 100644
--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -48,7 +48,7 @@ class SimpleSAML_Bindings_Shib13_Artifact { $msg = '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">' . '<SOAP-ENV:Body>' . '<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"' .
- ' RequestID="' . SimpleSAML_Utilities::generateID() . '"' .
+ ' RequestID="' . SimpleSAML_Utils_Random::generateID() . '"' .
 ' MajorVersion="1" MinorVersion="1"' . ' IssueInstant="' . SimpleSAML_Utilities::generateTimestamp() . '"' . '>';
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index df43435454ed4554d839733bd6d0de841007eddf..d4bbaac001e62295aac6097607b518b0f2ebfcbd 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -408,7 +408,7 @@ class SimpleSAML_Session $this->authData[$authority] = $data;
- $this->authToken = SimpleSAML_Utilities::generateID();
+ $this->authToken = SimpleSAML_Utils_Random::generateID();
 $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler(); if (!$this->transient && (!empty($data['RememberMe']) || $this->rememberMeExpire) &&
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index b71a6e2a79cf0e317a65c774deab51929d2e5120..148be6ea11a2316eff54fe79be31766fa9f215f9 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -381,10 +381,13 @@ class SimpleSAML_Utilities { }
+ /**
+ * @deprecated This function will be removed in SSP 2.0. Please use SimpleSAML_Utils_Random::generateID() instead.
+ */
 public static function generateID() {
- return '_' . bin2hex(openssl_random_pseudo_bytes(21));
+ return SimpleSAML_Utils_Random::generateID();
 }
-
+
 /** * This function generates a timestamp on the form used by the SAML protocols.
@@ -1465,7 +1468,7 @@ class SimpleSAML_Utilities { if ($httpRedirect && preg_match("#^http:#", $destination) && self::isHTTPS()) { $url = self::createHttpPostRedirectLink($destination, $post); } else {
- $postId = SimpleSAML_Utilities::generateID();
+ $postId = SimpleSAML_Utils_Random::generateID();
 $postData = array( 'post' => $post, 'url' => $destination,
@@ -1492,7 +1495,7 @@ class SimpleSAML_Utilities { assert('is_string($destination)'); assert('is_array($post)');
- $postId = SimpleSAML_Utilities::generateID();
+ $postId = SimpleSAML_Utils_Random::generateID();
 $postData = array( 'post' => $post, 'url' => $destination,
diff --git a/lib/SimpleSAML/Utils/Random.php b/lib/SimpleSAML/Utils/Random.php
new file mode 100644
index 0000000000000000000000000000000000000000..11b8a198372508cb44897da6437b0b4994e80847
--- /dev/null
+++ b/lib/SimpleSAML/Utils/Random.php
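Review bot: The new @deprecated docblock on SimpleSAML_Utilities::generateID() is documentation only, so third-party modules that still call it get no runtime signal that the function goes away in 2.0. Consider emitting a notice from the wrapper before delegating, `trigger_error('SimpleSAML_Utilities::generateID() is deprecated, use SimpleSAML_Utils_Random::generateID()', E_USER_DEPRECATED);`, or at least state in the docblock that the returned format is unchanged so callers can switch without re-validating stored identifiers. The later hunks in this file are pure call-site renames and need nothing further.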
@@ -0,0 +1,25 @@
+<?php
+
+
+/**
+ * Utility class for random data generation and manipulation.
+ *
+ * @package SimpleSAMLphp
+ */
+class SimpleSAML_Utils_Random
+{
+
+ /**
+ * Generate a random identifier, 22 bytes long.
+ *
+ * @return string A 22-bytes long string with a random, hex string.
+ *
+ * @author Andreas Solberg, UNINETT AS <andreas.solberg@uninett.no>
+ * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
+ * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
+ */
+ public static function generateID()
+ {
+ return '_'.bin2hex(openssl_random_pseudo_bytes(21));
+ }
+}
\ No newline at end of file
diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
index 2d65be5d99bd4037db82fd42de628e22853d0516..563882e9409c9d70d01bd906da369799eb3cf9b1 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
@@ -304,7 +304,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse { $scopedAttributes = array(); }
- $id = SimpleSAML_Utilities::generateID();
+ $id = SimpleSAML_Utils_Random::generateID();
 $issueInstant = SimpleSAML_Utilities::generateTimestamp();
@@ -313,7 +313,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse { $assertionExpire = SimpleSAML_Utilities::generateTimestamp(time() + 60 * 5);# 5 minutes
- $assertionid = SimpleSAML_Utilities::generateID();
+ $assertionid = SimpleSAML_Utils_Random::generateID();
 $spEntityId = $sp->getString('entityid');
@@ -321,7 +321,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse { $base64 = $sp->getBoolean('base64attributes', FALSE); $namequalifier = $sp->getString('NameQualifier', $spEntityId);
- $nameid = SimpleSAML_Utilities::generateID();
+ $nameid = SimpleSAML_Utils_Random::generateID();
 $subjectNode = '<Subject>' . '<NameIdentifier' .
diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php
index 39b2a3049a1726823dc898a99fe1a9780476408d..cdb23f95767f900fcaa1df6bf1648edcd9389236 100644
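Review bot: SimpleSAML_Utils_Random::generateID() ignores the by-reference $crypto_strong argument of openssl_random_pseudo_bytes() and never checks its return value, while this same commit routes session auth tokens, OAuth keys and secrets, and CAS tickets through it. On a PHP build where the function returns false or reports non-strong output, bin2hex(false) yields '' and every such identifier collapses to a bare '_', so the call should capture the flag and fail closed, as in the excerpt below. The docblock is also inaccurate: the result is an underscore followed by 42 hex characters (43 characters in total), not "22 bytes long", so `@return string A 43-character string: '_' followed by the hex encoding of 21 random bytes.` would describe what is returned. The file should also end with a newline.
```php
    public static function generateID()
    {
        $bytes = openssl_random_pseudo_bytes(21, $strong);
        // Fail closed: these IDs are used as session tokens and secrets, never return a weak or empty value
        if ($bytes === false || $strong !== true) {
            throw new SimpleSAML_Error_Exception('Unable to generate cryptographically strong random bytes.');
        }
        return '_'.bin2hex($bytes);
    }
```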
--- a/modules/adfs/lib/IdP/ADFS.php
+++ b/modules/adfs/lib/IdP/ADFS.php
@@ -50,7 +50,7 @@ class sspmod_adfs_IdP_ADFS { $issueInstant = SimpleSAML_Utilities::generateTimestamp(); $notBefore = SimpleSAML_Utilities::generateTimestamp(time() - 30); $assertionExpire = SimpleSAML_Utilities::generateTimestamp(time() + 60 * 5);
- $assertionID = SimpleSAML_Utilities::generateID();
+ $assertionID = SimpleSAML_Utils_Random::generateID();
 $nameidFormat = 'http://schemas.xmlsoap.org/claims/UPN'; $result = '<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
@@ -141,7 +141,7 @@ class sspmod_adfs_IdP_ADFS { } $nameid = $attributes[$nameidattribute][0]; } else {
- $nameid = SimpleSAML_Utilities::generateID();
+ $nameid = SimpleSAML_Utils_Random::generateID();
 } $idp = SimpleSAML_IdP::getByState($state);
diff --git a/modules/casserver/www/login.php b/modules/casserver/www/login.php
index ebbaec3f55c957f3bb6ffe573bfe17f233304be1..deb1799451460ed2e39832ec69f76f336cac66cd 100644
--- a/modules/casserver/www/login.php
+++ b/modules/casserver/www/login.php
@@ -41,7 +41,7 @@ $attributes = $as->getAttributes(); $path = $casconfig->resolvePath($casconfig->getValue('ticketcache', '/tmp'));
-$ticket = str_replace( '_', 'ST-', SimpleSAML_Utilities::generateID() );
+$ticket = str_replace( '_', 'ST-', SimpleSAML_Utils_Random::generateID() );
 storeTicket($ticket, $path, array('service' => $service, 'forceAuthn' => $forceAuthn, 'attributes' => $attributes,
diff --git a/modules/casserver/www/proxy.php b/modules/casserver/www/proxy.php
index 7b88e413c7e8859e0c8c947ccf88ced5d2423f9c..b4f08d55d8031bc0cc0a7856e12d28f114cab138 100644
--- a/modules/casserver/www/proxy.php
+++ b/modules/casserver/www/proxy.php
@@ -26,7 +26,7 @@ $path = $casconfig->resolvePath($casconfig->getValue('ticketcache', 'ticketcache $ticket = retrieveTicket($pgt, $path, false); if ($ticket['validbefore'] > time()) {
- $pt = str_replace( '_', 'PT-', SimpleSAML_Utilities::generateID() );
+ $pt = str_replace( '_', 'PT-', SimpleSAML_Utils_Random::generateID() );
 storeTicket($pt, $path, array( 'service' => $targetService, 'forceAuthn' => false,
diff --git a/modules/casserver/www/serviceValidate.php b/modules/casserver/www/serviceValidate.php
index ffb20bb0baf1d7a6588a13ad78b90c0324e1a1b5..5a30ec115443679ab8aa8ce7f5a6ea4a3a0615d2 100644
--- a/modules/casserver/www/serviceValidate.php
+++ b/modules/casserver/www/serviceValidate.php
@@ -41,8 +41,8 @@ try { if (isset($_GET['pgtUrl'])) { $pgtUrl = $_GET['pgtUrl'];
- $pgtiou = str_replace( '_', 'PGTIOU-', SimpleSAML_Utilities::generateID());
- $pgt = str_replace( '_', 'PGT-', SimpleSAML_Utilities::generateID());
+ $pgtiou = str_replace( '_', 'PGTIOU-', SimpleSAML_Utils_Random::generateID());
+ $pgt = str_replace( '_', 'PGT-', SimpleSAML_Utils_Random::generateID());
 $content = array( 'attributes' => $attributes, 'forceAuthn' => false,
diff --git a/modules/consent/templates/consentform.php b/modules/consent/templates/consentform.php
index 65056c56f1a934563e6c5181953ce87adbe56eae..004a91e982a99f24fab25503c036830036edfdfe 100644
--- a/modules/consent/templates/consentform.php
+++ b/modules/consent/templates/consentform.php
@@ -167,7 +167,7 @@ function present_attributes($t, $attributes, $nameParent) $isHidden = in_array($nameraw, $t->data['hiddenAttributes'], true); if ($isHidden) {
- $hiddenId = SimpleSAML_Utilities::generateID();
+ $hiddenId = SimpleSAML_Utils_Random::generateID();
 $str .= '<div class="attrvalue" style="display: none;" id="hidden_' . $hiddenId . '">'; } else {
diff --git a/modules/oauth/lib/OAuthStore.php b/modules/oauth/lib/OAuthStore.php
index cd8e0d6163434e386ca916d9ba9ecdf063f0f066..881daf7adc88b399088a8c2234f65cceaa45809c 100644
--- a/modules/oauth/lib/OAuthStore.php
+++ b/modules/oauth/lib/OAuthStore.php
@@ -62,7 +62,7 @@ class sspmod_oauth_OAuthStore extends OAuthDataStore { if ($oConsumer && ($oConsumer->callback_url)) $url = $oConsumer->callback_url;
- $verifier = SimpleSAML_Utilities::generateID();
+ $verifier = SimpleSAML_Utils_Random::generateID();
 $url = SimpleSAML_Utilities::addURLparameter($url, array("oauth_verifier"=>$verifier)); $this->store->set('authorized', $requestTokenKey, $verifier, $data, $this->config->getValue('requestTokenDuration', 60*30) );
@@ -138,7 +138,7 @@ class sspmod_oauth_OAuthStore extends OAuthDataStore { $lifetime = $this->config->getValue('requestTokenDuration', 60*30);
- $token = new OAuthToken(SimpleSAML_Utilities::generateID(), SimpleSAML_Utilities::generateID());
+ $token = new OAuthToken(SimpleSAML_Utils_Random::generateID(), SimpleSAML_Utils_Random::generateID());
 $token->callback = $callback; // OAuth1.0-RevA $this->store->set('request', $token->key, $consumer->key, $token, $lifetime);
@@ -158,7 +158,7 @@ class sspmod_oauth_OAuthStore extends OAuthDataStore { function new_access_token($requestToken, $consumer, $verifier = null) { SimpleSAML_Logger::info('OAuth new_access_token(' . $requestToken . ',' . $consumer . ')');
- $accestoken = new OAuthToken(SimpleSAML_Utilities::generateID(), SimpleSAML_Utilities::generateID());
+ $accestoken = new OAuthToken(SimpleSAML_Utils_Random::generateID(), SimpleSAML_Utils_Random::generateID());
 // SimpleSAML_Logger::info('OAuth new_access_token(' . $requestToken . ',' . $consumer . ',' . $accestoken . ')'); $this->store->set('access', $accestoken->key, $consumer->key, $accestoken, $this->config->getValue('accessTokenDuration', 60*60*24) ); return $accestoken;
diff --git a/modules/oauth/www/registry.edit.php b/modules/oauth/www/registry.edit.php
index 1b752cdc7c14c1d52ea9182a05009126b925781f..ee69a1e59c225965e5bd5c017c0248fc7b36194a 100644
--- a/modules/oauth/www/registry.edit.php
+++ b/modules/oauth/www/registry.edit.php
@@ -37,8 +37,8 @@ if (array_key_exists('editkey', $_REQUEST)) { } else { $entry = array( 'owner' => $userid,
- 'key' => SimpleSAML_Utilities::generateID(),
- 'secret' => SimpleSAML_Utilities::generateID(),
+ 'key' => SimpleSAML_Utils_Random::generateID(),
+ 'secret' => SimpleSAML_Utils_Random::generateID(),
 ); }
diff --git a/modules/saml/lib/Auth/Process/TransientNameID.php b/modules/saml/lib/Auth/Process/TransientNameID.php
index c51d8ca4e7c203d3023b3d8868eae6f9768eea17..7451e45e2093f15143e41ff069d08bab8bea20ec 100644
--- a/modules/saml/lib/Auth/Process/TransientNameID.php
+++ b/modules/saml/lib/Auth/Process/TransientNameID.php
@@ -28,7 +28,7 @@ class sspmod_saml_Auth_Process_TransientNameID extends sspmod_saml_BaseNameIDGen */ protected function getValue(array &$state) {
- return SimpleSAML_Utilities::generateID();
+ return SimpleSAML_Utils_Random::generateID();
 } }
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index e6337fc6f19b2238bcc2e3561dcfdde5dea3f37e..934a140636d094cb4d6091564ab98aad6a61092a 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -809,7 +809,7 @@ class sspmod_saml_IdP_SAML2 { $sessionLifetime = $config->getInteger('session.duration', 8*60*60); $a->setSessionNotOnOrAfter(time() + $sessionLifetime);
- $a->setSessionIndex(SimpleSAML_Utilities::generateID());
+ $a->setSessionIndex(SimpleSAML_Utils_Random::generateID());
 $sc = new SAML2_XML_saml_SubjectConfirmation(); $sc->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData();
@@ -892,7 +892,7 @@ class sspmod_saml_IdP_SAML2 { if ($nameIdFormat === SAML2_Const::NAMEID_TRANSIENT) { /* generate a random id */
- $nameIdValue = SimpleSAML_Utilities::generateID();
+ $nameIdValue = SimpleSAML_Utils_Random::generateID();
 } else { /* this code will end up generating either a fixed assigned id (via nameid.attribute) or random id if not assigned/configured */
@@ -900,7 +900,7 @@ class sspmod_saml_IdP_SAML2 { if ($nameIdValue === NULL) { SimpleSAML_Logger::warning('Falling back to transient NameID.'); $nameIdFormat = SAML2_Const::NAMEID_TRANSIENT;
- $nameIdValue = SimpleSAML_Utilities::generateID();
+ $nameIdValue = SimpleSAML_Utils_Random::generateID();
 } }
diff --git a/modules/saml/lib/SP/LogoutStore.php b/modules/saml/lib/SP/LogoutStore.php
index 6f79f7b62496e631a774095e54a491bfda199f67..7a3d36a867a853ac3f1fce22605116de10467092 100644
--- a/modules/saml/lib/SP/LogoutStore.php
+++ b/modules/saml/lib/SP/LogoutStore.php
@@ -167,7 +167,7 @@ class sspmod_saml_SP_LogoutStore { * it supports SLO, but we don't want an LogoutRequest with a specific * SessionIndex to match this session. We therefore generate our own session index. */
- $sessionIndex = SimpleSAML_Utilities::generateID();
+ $sessionIndex = SimpleSAML_Utils_Random::generateID();
 } $store = SimpleSAML_Store::getInstance();
diff --git a/www/authmemcookie.php b/www/authmemcookie.php
index 8acd307944fba857ae3dd79a1490140876ffb62e..ca9450f363e609fe340467e78bf01ced5cbb56b1 100644
--- a/www/authmemcookie.php
+++ b/www/authmemcookie.php
@@ -31,7 +31,7 @@ try { $s->requireAuth(); /* Generate session id and save it in a cookie. */
- $sessionID = SimpleSAML_Utilities::generateID();
+ $sessionID = SimpleSAML_Utils_Random::generateID();
 $cookieName = $amc->getCookieName();