From db592d6cda91e11fa87c657acc1bb1117d073685 Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Tue, 21 Apr 2015 14:29:00 +0200
Subject: [PATCH] Move SimpleSAML_Utilities::isHTTPS() to
 SimpleSAML\Utils\HTTP::isHTTPS() and deprecate the former.

---
 lib/SimpleSAML/SessionHandlerPHP.php         |  4 ++--
 lib/SimpleSAML/Utilities.php                 | 17 ++---------------
 lib/SimpleSAML/Utils/HTTP.php                | 14 ++++++++++++++
 modules/consent/lib/Consent/Store/Cookie.php |  2 +-
 modules/core/www/frontpage_config.php        |  2 +-
 modules/saml/lib/IdP/SAML2.php               |  2 +-
 modules/saml/lib/Message.php                 |  2 +-
 7 files changed, 22 insertions(+), 21 deletions(-)

diff --git a/lib/SimpleSAML/SessionHandlerPHP.php b/lib/SimpleSAML/SessionHandlerPHP.php
index 36fe0753c..9857d8430 100644
--- a/lib/SimpleSAML/SessionHandlerPHP.php
+++ b/lib/SimpleSAML/SessionHandlerPHP.php
@@ -68,7 +68,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler {
 	public function newSessionId() {
 		$session_cookie_params = session_get_cookie_params();
 
-		if ($session_cookie_params['secure'] && !SimpleSAML_Utilities::isHTTPS()) {
+		if ($session_cookie_params['secure'] && !\SimpleSAML\Utils\HTTP::isHTTPS()) {
 			throw new SimpleSAML_Error_Exception('Session start with secure cookie not allowed on http.');
 		}
 
@@ -105,7 +105,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler {
 
 			$session_cookie_params = session_get_cookie_params();
 
-			if ($session_cookie_params['secure'] && !SimpleSAML_Utilities::isHTTPS()) {
+			if ($session_cookie_params['secure'] && !\SimpleSAML\Utils\HTTP::isHTTPS()) {
 				throw new SimpleSAML_Error_Exception('Session start with secure cookie not allowed on http.');
 			}
 
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index c0522f058..021a6e7c3 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -45,23 +45,10 @@ class SimpleSAML_Utilities {
 
 	
 	/**
-	 * This function checks if we should set a secure cookie.
-	 *
-	 * @return TRUE if the cookie should be secure, FALSE otherwise.
+	 * @deprecated This method will be removed in SSP 2.0. Please use SimpleSAML\Utils\HTTP::isHTTPS() instead.
 	 */
 	public static function isHTTPS() {
-
-		$url = self::getBaseURL();
-
-		$end = strpos($url,'://');
-		$protocol = substr($url, 0, $end);
-
-		if ($protocol === 'https') {
-			return TRUE;
-		} else {
-			return FALSE;
-		}
-
+		return \SimpleSAML\Utils\HTTP::isHTTPS();
 	}
 
 
diff --git a/lib/SimpleSAML/Utils/HTTP.php b/lib/SimpleSAML/Utils/HTTP.php
index ec3f9ce70..b2a774645 100644
--- a/lib/SimpleSAML/Utils/HTTP.php
+++ b/lib/SimpleSAML/Utils/HTTP.php
@@ -428,6 +428,20 @@ class HTTP
     }
 
 
+    /**
+     * This function checks if we are using HTTPS as protocol.
+     *
+     * @return boolean True if the HTTPS is used, false otherwise.
+     *
+     * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
+     * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
+     */
+    public static function isHTTPS()
+    {
+        return strpos(self::getBaseURL(), 'https://') === 0;
+    }
+
+
     /**
      * Normalizes a URL to an absolute URL and validate it. In addition to resolving the URL, this function makes sure
      * that it is a link to an http or https site.
diff --git a/modules/consent/lib/Consent/Store/Cookie.php b/modules/consent/lib/Consent/Store/Cookie.php
index b8ca9ba48..5790fa684 100644
--- a/modules/consent/lib/Consent/Store/Cookie.php
+++ b/modules/consent/lib/Consent/Store/Cookie.php
@@ -272,7 +272,7 @@ class sspmod_consent_Consent_Store_Cookie extends sspmod_consent_Store
             'httponly' => FALSE,
         );
 
-        if (SimpleSAML_Utilities::isHTTPS()) {
+        if (\SimpleSAML\Utils\HTTP::isHTTPS()) {
             /* Enable secure cookie for https-requests. */
             $params['secure'] = true;
         } else {
diff --git a/modules/core/www/frontpage_config.php b/modules/core/www/frontpage_config.php
index e97eb4bb3..74c8c61fa 100644
--- a/modules/core/www/frontpage_config.php
+++ b/modules/core/www/frontpage_config.php
@@ -16,7 +16,7 @@ $isadmin = SimpleSAML\Utils\Auth::isAdmin();
 
 $warnings = array();
 
-if (!SimpleSAML_Utilities::isHTTPS()) {
+if (!\SimpleSAML\Utils\HTTP::isHTTPS()) {
 	$warnings[] = '{core:frontpage:warnings_https}';
 }
 
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index 936bdbada..cc4271df6 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -829,7 +829,7 @@ class sspmod_saml_IdP_SAML2 {
 		if ($hokAssertion) {
 			/* Holder-of-Key */
 			$sc->Method = SAML2_Const::CM_HOK;
-			if (SimpleSAML_Utilities::isHTTPS()) {
+			if (\SimpleSAML\Utils\HTTP::isHTTPS()) {
 				if (isset($_SERVER['SSL_CLIENT_CERT']) && !empty($_SERVER['SSL_CLIENT_CERT'])) {
 					/* Extract certificate data (if this is a certificate). */
 					$clientCert = $_SERVER['SSL_CLIENT_CERT'];
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index 13532c047..03d3949a5 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -610,7 +610,7 @@ class sspmod_saml_Message {
 			$scd = $sc->SubjectConfirmationData;
 			if ($sc->Method === SAML2_Const::CM_HOK) {
 				/* Check HoK Assertion */
-				if (SimpleSAML_Utilities::isHTTPS() === FALSE) {
+				if (\SimpleSAML\Utils\HTTP::isHTTPS() === FALSE) {
 				    $lastError = 'No HTTPS connection, but required for Holder-of-Key SSO';
 				    continue;
 				}
-- 
GitLab