authorJaime Perez Crespo <jaime.perez@uninett.no>2015-04-16 15:48:54 +0200
committerJaime Perez Crespo <jaime.perez@uninett.no>2015-04-16 15:48:54 +0200
commitcabc973775fe3486152c7cf912ac97396b9fb77e (patch)
treecd482e9a4e50d40e5ee8853605aecd27347e9162
parent4f7e78f6b4d7e8cc7dea613f3beb45004776dfa3 (diff)
downloadsimplesamlphp-cabc973775fe3486152c7cf912ac97396b9fb77e.zip
simplesamlphp-cabc973775fe3486152c7cf912ac97396b9fb77e.tar.gz
simplesamlphp-cabc973775fe3486152c7cf912ac97396b9fb77e.tar.bz2
Move SimpleSAML_Utilities::generateID() to SimpleSAML_Utils_Random::generateID(). Deprecate the former and schedule it for removal in 2.0.
-rw-r--r--lib/SimpleSAML/Auth/State.php2
-rw-r--r--lib/SimpleSAML/Bindings/Shib13/Artifact.php2
-rw-r--r--lib/SimpleSAML/Session.php2
-rw-r--r--lib/SimpleSAML/Utilities.php11
-rw-r--r--lib/SimpleSAML/Utils/Random.php25
-rw-r--r--lib/SimpleSAML/XML/Shib13/AuthnResponse.php6
-rw-r--r--modules/adfs/lib/IdP/ADFS.php4
-rw-r--r--modules/casserver/www/login.php2
-rw-r--r--modules/casserver/www/proxy.php2
-rw-r--r--modules/casserver/www/serviceValidate.php4
-rw-r--r--modules/consent/templates/consentform.php2
-rw-r--r--modules/oauth/lib/OAuthStore.php6
-rw-r--r--modules/oauth/www/registry.edit.php4
-rw-r--r--modules/saml/lib/Auth/Process/TransientNameID.php2
-rw-r--r--modules/saml/lib/IdP/SAML2.php6
-rw-r--r--modules/saml/lib/SP/LogoutStore.php2
-rw-r--r--www/authmemcookie.php2
17 files changed, 56 insertions, 28 deletions
diff --git a/lib/SimpleSAML/Auth/State.php b/lib/SimpleSAML/Auth/State.php
index 4684f5d..88d8f85 100644
--- a/lib/SimpleSAML/Auth/State.php
+++ b/lib/SimpleSAML/Auth/State.php
@@ -105,7 +105,7 @@ class SimpleSAML_Auth_State {
assert('is_bool($rawId)');
if (!array_key_exists(self::ID, $state)) {
- $state[self::ID] = SimpleSAML_Utilities::generateID();
+ $state[self::ID] = SimpleSAML_Utils_Random::generateID();
}
$id = $state[self::ID];
diff --git a/lib/SimpleSAML/Bindings/Shib13/Artifact.php b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
index 3e8f7d3..d211851 100644
--- a/lib/SimpleSAML/Bindings/Shib13/Artifact.php
+++ b/lib/SimpleSAML/Bindings/Shib13/Artifact.php
@@ -48,7 +48,7 @@ class SimpleSAML_Bindings_Shib13_Artifact {
$msg = '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">' .
'<SOAP-ENV:Body>' .
'<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"' .
- ' RequestID="' . SimpleSAML_Utilities::generateID() . '"' .
+ ' RequestID="' . SimpleSAML_Utils_Random::generateID() . '"' .
' MajorVersion="1" MinorVersion="1"' .
' IssueInstant="' . SimpleSAML_Utilities::generateTimestamp() . '"' .
'>';
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index df43435..d4bbaac 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -408,7 +408,7 @@ class SimpleSAML_Session
$this->authData[$authority] = $data;
- $this->authToken = SimpleSAML_Utilities::generateID();
+ $this->authToken = SimpleSAML_Utils_Random::generateID();
$sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
if (!$this->transient && (!empty($data['RememberMe']) || $this->rememberMeExpire) &&
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index b71a6e2..148be6e 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -381,10 +381,13 @@ class SimpleSAML_Utilities {
}
+ /**
+ * @deprecated This function will be removed in SSP 2.0. Please use SimpleSAML_Utils_Random::generateID() instead.
+ */
public static function generateID() {
- return '_' . bin2hex(openssl_random_pseudo_bytes(21));
+ return SimpleSAML_Utils_Random::generateID();
}
-
+
/**
* This function generates a timestamp on the form used by the SAML protocols.
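Review bot: The `@deprecated` tag added above the `generateID()` wrapper is documentation only; code in modules outside this repository that still calls `SimpleSAML_Utilities::generateID()` gets no runtime signal that it is scheduled for removal in 2.0. If the project emits notices for other deprecations, add `trigger_error('SimpleSAML_Utilities::generateID() is deprecated, use SimpleSAML_Utils_Random::generateID() instead.', E_USER_DEPRECATED);` before the `return` so the call sites can be found in logs before the method disappears. The enclosing class continues outside the hunk.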
@@ -1465,7 +1468,7 @@ class SimpleSAML_Utilities {
if ($httpRedirect && preg_match("#^http:#", $destination) && self::isHTTPS()) {
$url = self::createHttpPostRedirectLink($destination, $post);
} else {
- $postId = SimpleSAML_Utilities::generateID();
+ $postId = SimpleSAML_Utils_Random::generateID();
$postData = array(
'post' => $post,
'url' => $destination,
@@ -1492,7 +1495,7 @@ class SimpleSAML_Utilities {
assert('is_string($destination)');
assert('is_array($post)');
- $postId = SimpleSAML_Utilities::generateID();
+ $postId = SimpleSAML_Utils_Random::generateID();
$postData = array(
'post' => $post,
'url' => $destination,
diff --git a/lib/SimpleSAML/Utils/Random.php b/lib/SimpleSAML/Utils/Random.php
new file mode 100644
index 0000000..11b8a19
--- /dev/null
+++ b/lib/SimpleSAML/Utils/Random.php
@@ -0,0 +1,25 @@
+<?php
+
+
+/**
+ * Utility class for random data generation and manipulation.
+ *
+ * @package SimpleSAMLphp
+ */
+class SimpleSAML_Utils_Random
+{
+
+ /**
+ * Generate a random identifier, 22 bytes long.
+ *
+ * @return string A 22-bytes long string with a random, hex string.
+ *
+ * @author Andreas Solberg, UNINETT AS <andreas.solberg@uninett.no>
+ * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
+ * @author Jaime Perez, UNINETT AS <jaime.perez@uninett.no>
+ */
+ public static function generateID()
+ {
+ return '_'.bin2hex(openssl_random_pseudo_bytes(21));
+ }
+} \ No newline at end of file
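Review bot: The result of `openssl_random_pseudo_bytes(21)` on the `return` line is used unchecked: the function can return `false`, and on the PHP versions current for this commit it can also hand back bytes that are not cryptographically strong, which it reports through its second `$crypto_strong` output parameter. Since the identifiers produced here become session IDs, CAS tickets, OAuth keys and secrets elsewhere in this commit, a `false` or weak result should fail loudly instead of being hex-encoded into an ID. The docblock is also off: `'_'` followed by 42 hex characters is 43 bytes, not 22, so the return line should read `@return string A 43-character string: an underscore followed by 42 random hex digits.` The new file also ends without a trailing newline.
```php
    public static function generateID()
    {
        // Fail closed: a false or non-strong result must not become a token.
        $bytes = openssl_random_pseudo_bytes(21, $strong);
        if ($bytes === false || $strong !== true) {
            throw new SimpleSAML_Error_Exception('Unable to generate a cryptographically strong random identifier.');
        }
        return '_'.bin2hex($bytes);
    }
```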
diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
index 2d65be5..563882e 100644
--- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
+++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php
@@ -304,7 +304,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse {
$scopedAttributes = array();
}
- $id = SimpleSAML_Utilities::generateID();
+ $id = SimpleSAML_Utils_Random::generateID();
$issueInstant = SimpleSAML_Utilities::generateTimestamp();
@@ -313,7 +313,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse {
$assertionExpire = SimpleSAML_Utilities::generateTimestamp(time() + 60 * 5);# 5 minutes
- $assertionid = SimpleSAML_Utilities::generateID();
+ $assertionid = SimpleSAML_Utils_Random::generateID();
$spEntityId = $sp->getString('entityid');
@@ -321,7 +321,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse {
$base64 = $sp->getBoolean('base64attributes', FALSE);
$namequalifier = $sp->getString('NameQualifier', $spEntityId);
- $nameid = SimpleSAML_Utilities::generateID();
+ $nameid = SimpleSAML_Utils_Random::generateID();
$subjectNode =
'<Subject>' .
'<NameIdentifier' .
diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php
index 39b2a30..cdb23f9 100644
--- a/modules/adfs/lib/IdP/ADFS.php
+++ b/modules/adfs/lib/IdP/ADFS.php
@@ -50,7 +50,7 @@ class sspmod_adfs_IdP_ADFS {
$issueInstant = SimpleSAML_Utilities::generateTimestamp();
$notBefore = SimpleSAML_Utilities::generateTimestamp(time() - 30);
$assertionExpire = SimpleSAML_Utilities::generateTimestamp(time() + 60 * 5);
- $assertionID = SimpleSAML_Utilities::generateID();
+ $assertionID = SimpleSAML_Utils_Random::generateID();
$nameidFormat = 'http://schemas.xmlsoap.org/claims/UPN';
$result =
'<wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust">
@@ -141,7 +141,7 @@ class sspmod_adfs_IdP_ADFS {
}
$nameid = $attributes[$nameidattribute][0];
} else {
- $nameid = SimpleSAML_Utilities::generateID();
+ $nameid = SimpleSAML_Utils_Random::generateID();
}
$idp = SimpleSAML_IdP::getByState($state);
diff --git a/modules/casserver/www/login.php b/modules/casserver/www/login.php
index ebbaec3..deb1799 100644
--- a/modules/casserver/www/login.php
+++ b/modules/casserver/www/login.php
@@ -41,7 +41,7 @@ $attributes = $as->getAttributes();
$path = $casconfig->resolvePath($casconfig->getValue('ticketcache', '/tmp'));
-$ticket = str_replace( '_', 'ST-', SimpleSAML_Utilities::generateID() );
+$ticket = str_replace( '_', 'ST-', SimpleSAML_Utils_Random::generateID() );
storeTicket($ticket, $path, array('service' => $service,
'forceAuthn' => $forceAuthn,
'attributes' => $attributes,
diff --git a/modules/casserver/www/proxy.php b/modules/casserver/www/proxy.php
index 7b88e41..b4f08d5 100644
--- a/modules/casserver/www/proxy.php
+++ b/modules/casserver/www/proxy.php
@@ -26,7 +26,7 @@ $path = $casconfig->resolvePath($casconfig->getValue('ticketcache', 'ticketcache
$ticket = retrieveTicket($pgt, $path, false);
if ($ticket['validbefore'] > time()) {
- $pt = str_replace( '_', 'PT-', SimpleSAML_Utilities::generateID() );
+ $pt = str_replace( '_', 'PT-', SimpleSAML_Utils_Random::generateID() );
storeTicket($pt, $path, array(
'service' => $targetService,
'forceAuthn' => false,
diff --git a/modules/casserver/www/serviceValidate.php b/modules/casserver/www/serviceValidate.php
index ffb20bb..5a30ec1 100644
--- a/modules/casserver/www/serviceValidate.php
+++ b/modules/casserver/www/serviceValidate.php
@@ -41,8 +41,8 @@ try {
if (isset($_GET['pgtUrl'])) {
$pgtUrl = $_GET['pgtUrl'];
- $pgtiou = str_replace( '_', 'PGTIOU-', SimpleSAML_Utilities::generateID());
- $pgt = str_replace( '_', 'PGT-', SimpleSAML_Utilities::generateID());
+ $pgtiou = str_replace( '_', 'PGTIOU-', SimpleSAML_Utils_Random::generateID());
+ $pgt = str_replace( '_', 'PGT-', SimpleSAML_Utils_Random::generateID());
$content = array(
'attributes' => $attributes,
'forceAuthn' => false,
diff --git a/modules/consent/templates/consentform.php b/modules/consent/templates/consentform.php
index 65056c5..004a91e 100644
--- a/modules/consent/templates/consentform.php
+++ b/modules/consent/templates/consentform.php
@@ -167,7 +167,7 @@ function present_attributes($t, $attributes, $nameParent)
$isHidden = in_array($nameraw, $t->data['hiddenAttributes'], true);
if ($isHidden) {
- $hiddenId = SimpleSAML_Utilities::generateID();
+ $hiddenId = SimpleSAML_Utils_Random::generateID();
$str .= '<div class="attrvalue" style="display: none;" id="hidden_' . $hiddenId . '">';
} else {
diff --git a/modules/oauth/lib/OAuthStore.php b/modules/oauth/lib/OAuthStore.php
index cd8e0d6..881daf7 100644
--- a/modules/oauth/lib/OAuthStore.php
+++ b/modules/oauth/lib/OAuthStore.php
@@ -62,7 +62,7 @@ class sspmod_oauth_OAuthStore extends OAuthDataStore {
if ($oConsumer && ($oConsumer->callback_url)) $url = $oConsumer->callback_url;
- $verifier = SimpleSAML_Utilities::generateID();
+ $verifier = SimpleSAML_Utils_Random::generateID();
$url = SimpleSAML_Utilities::addURLparameter($url, array("oauth_verifier"=>$verifier));
$this->store->set('authorized', $requestTokenKey, $verifier, $data, $this->config->getValue('requestTokenDuration', 60*30) );
@@ -138,7 +138,7 @@ class sspmod_oauth_OAuthStore extends OAuthDataStore {
$lifetime = $this->config->getValue('requestTokenDuration', 60*30);
- $token = new OAuthToken(SimpleSAML_Utilities::generateID(), SimpleSAML_Utilities::generateID());
+ $token = new OAuthToken(SimpleSAML_Utils_Random::generateID(), SimpleSAML_Utils_Random::generateID());
$token->callback = $callback; // OAuth1.0-RevA
$this->store->set('request', $token->key, $consumer->key, $token, $lifetime);
@@ -158,7 +158,7 @@ class sspmod_oauth_OAuthStore extends OAuthDataStore {
function new_access_token($requestToken, $consumer, $verifier = null) {
SimpleSAML_Logger::info('OAuth new_access_token(' . $requestToken . ',' . $consumer . ')');
- $accestoken = new OAuthToken(SimpleSAML_Utilities::generateID(), SimpleSAML_Utilities::generateID());
+ $accestoken = new OAuthToken(SimpleSAML_Utils_Random::generateID(), SimpleSAML_Utils_Random::generateID());
// SimpleSAML_Logger::info('OAuth new_access_token(' . $requestToken . ',' . $consumer . ',' . $accestoken . ')');
$this->store->set('access', $accestoken->key, $consumer->key, $accestoken, $this->config->getValue('accessTokenDuration', 60*60*24) );
return $accestoken;
diff --git a/modules/oauth/www/registry.edit.php b/modules/oauth/www/registry.edit.php
index 1b752cd..ee69a1e 100644
--- a/modules/oauth/www/registry.edit.php
+++ b/modules/oauth/www/registry.edit.php
@@ -37,8 +37,8 @@ if (array_key_exists('editkey', $_REQUEST)) {
} else {
$entry = array(
'owner' => $userid,
- 'key' => SimpleSAML_Utilities::generateID(),
- 'secret' => SimpleSAML_Utilities::generateID(),
+ 'key' => SimpleSAML_Utils_Random::generateID(),
+ 'secret' => SimpleSAML_Utils_Random::generateID(),
);
}
diff --git a/modules/saml/lib/Auth/Process/TransientNameID.php b/modules/saml/lib/Auth/Process/TransientNameID.php
index c51d8ca..7451e45 100644
--- a/modules/saml/lib/Auth/Process/TransientNameID.php
+++ b/modules/saml/lib/Auth/Process/TransientNameID.php
@@ -28,7 +28,7 @@ class sspmod_saml_Auth_Process_TransientNameID extends sspmod_saml_BaseNameIDGen
*/
protected function getValue(array &$state) {
- return SimpleSAML_Utilities::generateID();
+ return SimpleSAML_Utils_Random::generateID();
}
}
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index e6337fc..934a140 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -809,7 +809,7 @@ class sspmod_saml_IdP_SAML2 {
$sessionLifetime = $config->getInteger('session.duration', 8*60*60);
$a->setSessionNotOnOrAfter(time() + $sessionLifetime);
- $a->setSessionIndex(SimpleSAML_Utilities::generateID());
+ $a->setSessionIndex(SimpleSAML_Utils_Random::generateID());
$sc = new SAML2_XML_saml_SubjectConfirmation();
$sc->SubjectConfirmationData = new SAML2_XML_saml_SubjectConfirmationData();
@@ -892,7 +892,7 @@ class sspmod_saml_IdP_SAML2 {
if ($nameIdFormat === SAML2_Const::NAMEID_TRANSIENT) {
/* generate a random id */
- $nameIdValue = SimpleSAML_Utilities::generateID();
+ $nameIdValue = SimpleSAML_Utils_Random::generateID();
} else {
/* this code will end up generating either a fixed assigned id (via nameid.attribute)
or random id if not assigned/configured */
@@ -900,7 +900,7 @@ class sspmod_saml_IdP_SAML2 {
if ($nameIdValue === NULL) {
SimpleSAML_Logger::warning('Falling back to transient NameID.');
$nameIdFormat = SAML2_Const::NAMEID_TRANSIENT;
- $nameIdValue = SimpleSAML_Utilities::generateID();
+ $nameIdValue = SimpleSAML_Utils_Random::generateID();
}
}
diff --git a/modules/saml/lib/SP/LogoutStore.php b/modules/saml/lib/SP/LogoutStore.php
index 6f79f7b..7a3d36a 100644
--- a/modules/saml/lib/SP/LogoutStore.php
+++ b/modules/saml/lib/SP/LogoutStore.php
@@ -167,7 +167,7 @@ class sspmod_saml_SP_LogoutStore {
* it supports SLO, but we don't want an LogoutRequest with a specific
* SessionIndex to match this session. We therefore generate our own session index.
*/
- $sessionIndex = SimpleSAML_Utilities::generateID();
+ $sessionIndex = SimpleSAML_Utils_Random::generateID();
}
$store = SimpleSAML_Store::getInstance();
diff --git a/www/authmemcookie.php b/www/authmemcookie.php
index 8acd307..ca9450f 100644
--- a/www/authmemcookie.php
+++ b/www/authmemcookie.php
@@ -31,7 +31,7 @@ try {
$s->requireAuth();
/* Generate session id and save it in a cookie. */
- $sessionID = SimpleSAML_Utilities::generateID();
+ $sessionID = SimpleSAML_Utils_Random::generateID();
$cookieName = $amc->getCookieName();