authorJaime Perez Crespo <jaime.perez@uninett.no>2015-04-16 16:36:54 +0200
committerJaime Perez Crespo <jaime.perez@uninett.no>2015-04-16 16:36:54 +0200
commit07c6d83450fde708c21c811ef9a8dd2225b0202f (patch)
treee9829ab7e2c431ff346087c6ff640c215d68fdbc
parent6d1f59fe2d2a24b57f5d5f723e2922163f89991c (diff)
Move SimpleSAML_Utilities::getSecretSalt() to SimpleSAML_Utils_Config::getSecretSalt(). Deprecate the former and stop using it.
-rw-r--r--lib/SimpleSAML/Auth/TimeLimitedToken.php2
-rw-r--r--lib/SimpleSAML/Utilities.php21
-rw-r--r--lib/SimpleSAML/Utils/Config.php36
-rw-r--r--lib/SimpleSAML/Utils/Crypto.php4
-rw-r--r--modules/consent/lib/Auth/Process/Consent.php4
-rw-r--r--modules/consent/lib/Consent/Store/Cookie.php2
-rw-r--r--modules/core/lib/Auth/Process/TargetedID.php2
-rw-r--r--modules/saml/lib/Auth/Process/PersistentNameID.php2
-rw-r--r--modules/saml/lib/IdP/SAML2.php2
9 files changed, 47 insertions, 28 deletions
diff --git a/lib/SimpleSAML/Auth/TimeLimitedToken.php b/lib/SimpleSAML/Auth/TimeLimitedToken.php
index 3c991ce..2c48723 100644
--- a/lib/SimpleSAML/Auth/TimeLimitedToken.php
+++ b/lib/SimpleSAML/Auth/TimeLimitedToken.php
@@ -14,7 +14,7 @@ class SimpleSAML_Auth_TimeLimitedToken {
*/
public function __construct( $lifetime = 900, $secretSalt = NULL, $skew = 1) {
if ($secretSalt === NULL) {
- $secretSalt = SimpleSAML_Utilities::getSecretSalt();
+ $secretSalt = SimpleSAML_Utils_Config::getSecretSalt();
}
$this->secretSalt = $secretSalt;
diff --git a/lib/SimpleSAML/Utilities.php b/lib/SimpleSAML/Utilities.php
index f130b24..e5f814a 100644
--- a/lib/SimpleSAML/Utilities.php
+++ b/lib/SimpleSAML/Utilities.php
@@ -1161,27 +1161,10 @@ class SimpleSAML_Utilities {
/**
- * Retrieve secret salt.
- *
- * This function retrieves the value which is configured as the secret salt. It will
- * check that the value exists and is set to a non-default value. If it isn't, an
- * exception will be thrown.
- *
- * The secret salt can be used as a component in hash functions, to make it difficult to
- * test all possible values in order to retrieve the original value. It can also be used
- * as a simple method for signing data, by hashing the data together with the salt.
- *
- * @return string The secret salt.
+ * @deprecated This function will be removed in SSP 2.0. Please use SimpleSAML_Utils_Config::getSecretSalt() instead.
*/
public static function getSecretSalt() {
-
- $secretSalt = SimpleSAML_Configuration::getInstance()->getString('secretsalt');
- if ($secretSalt === 'defaultsecretsalt') {
- throw new Exception('The "secretsalt" configuration option must be set to a secret' .
- ' value.');
- }
-
- return $secretSalt;
+ return SimpleSAML_Utils_Config::getSecretSalt();
}
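Review bot: The deprecated wrapper's docblock now holds only the `@deprecated` tag, so the return type and the exception are no longer documented for callers that still use it. Because the body delegates to SimpleSAML_Utils_Config::getSecretSalt(), a misconfigured salt now surfaces as SimpleSAML_Error_Exception rather than the plain Exception thrown by the removed lines; callers catching Exception keep working only if that class extends it, which is not visible in this diff. I would keep `@return string The secret salt.` and add `@throws SimpleSAML_Error_Exception If the secret salt hasn't been configured.` above the `@deprecated` line.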
diff --git a/lib/SimpleSAML/Utils/Config.php b/lib/SimpleSAML/Utils/Config.php
new file mode 100644
index 0000000..43ade2a
--- /dev/null
+++ b/lib/SimpleSAML/Utils/Config.php
@@ -0,0 +1,36 @@
+<?php
+
+
+/**
+ * Utility class for SimpleSAMLphp configuration management and manipulation.
+ *
+ * @package SimpleSAMLphp
+ */
+class SimpleSAML_Utils_Config
+{
+
+ /**
+ * Retrieve the secret salt.
+ *
+ * This function retrieves the value which is configured as the secret salt. It will check that the value exists
+ * and is set to a non-default value. If it isn't, an exception will be thrown.
+ *
+ * The secret salt can be used as a component in hash functions, to make it difficult to test all possible values
+ * in order to retrieve the original value. It can also be used as a simple method for signing data, by hashing the
+ * data together with the salt.
+ *
+ * @return string The secret salt.
+ *
+ * @throws SimpleSAML_Error_Exception If the secret salt hasn't been configured.
+ * @author Olav Morken, UNINETT AS <olav.morken@uninett.no>
+ */
+ public static function getSecretSalt()
+ {
+ $secretSalt = SimpleSAML_Configuration::getInstance()->getString('secretsalt');
+ if ($secretSalt === 'defaultsecretsalt') {
+ throw new SimpleSAML_Error_Exception('The "secretsalt" configuration option must be set to a secret value.');
+ }
+
+ return $secretSalt;
+ }
+}
\ No newline at end of file
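Review bot: The guard in getSecretSalt() rejects only the shipped placeholder 'defaultsecretsalt', so an empty or whitespace-only 'secretsalt' would pass, assuming getString() does not itself reject it (its behaviour is not visible here). Other files in this commit use the returned value as key material (Crypto.php) and as a signing secret (Cookie.php), so a blank value silently weakens all of them. Consider `if ($secretSalt === 'defaultsecretsalt' || trim($secretSalt) === '') {` before the throw. The file also ends without a trailing newline.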
diff --git a/lib/SimpleSAML/Utils/Crypto.php b/lib/SimpleSAML/Utils/Crypto.php
index c3090e1..d7eee79 100644
--- a/lib/SimpleSAML/Utils/Crypto.php
+++ b/lib/SimpleSAML/Utils/Crypto.php
@@ -34,7 +34,7 @@ class SimpleSAML_Utils_Crypto
$ivSize = mcrypt_get_iv_size($enc, $mode);
$keySize = mcrypt_get_key_size($enc, $mode);
- $key = hash('sha256', SimpleSAML_Utilities::getSecretSalt(), true);
+ $key = hash('sha256', SimpleSAML_Utils_Config::getSecretSalt(), true);
$key = substr($key, 0, $keySize);
$iv = substr($ciphertext, 0, $ivSize);
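Review bot: The key on the changed line is a bare SHA-256 of the same configured salt that other files in this commit feed into SHA-1 identifier hashes and a cookie signature, so one secret serves as encryption key, signing key and hash salt with no separation; the `@@ -75` hunk has the same line. Deriving a purpose-bound key, for example `$key = hash_hmac('sha256', 'SimpleSAML_Utils_Crypto', SimpleSAML_Utils_Config::getSecretSalt(), true);` (the label is a constructed example), would keep a weakness in one use from carrying over to the others. That changes the key, so data encrypted with the current derivation would need a migration path or a fallback on decrypt. Both enclosing functions start and end outside the hunks.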
@@ -75,7 +75,7 @@ class SimpleSAML_Utils_Crypto
$ivSize = mcrypt_get_iv_size($enc, $mode);
$keySize = mcrypt_get_key_size($enc, $mode);
- $key = hash('sha256', SimpleSAML_Utilities::getSecretSalt(), true);
+ $key = hash('sha256', SimpleSAML_Utils_Config::getSecretSalt(), true);
$key = substr($key, 0, $keySize);
$len = strlen($data);
diff --git a/modules/consent/lib/Auth/Process/Consent.php b/modules/consent/lib/Auth/Process/Consent.php
index 0cc8950..87c954d 100644
--- a/modules/consent/lib/Auth/Process/Consent.php
+++ b/modules/consent/lib/Auth/Process/Consent.php
@@ -290,7 +290,7 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt
*/
public static function getHashedUserID($userid, $source)
{
- return hash('sha1', $userid . '|' . SimpleSAML_Utilities::getSecretSalt() . '|' . $source);
+ return hash('sha1', $userid . '|' . SimpleSAML_Utils_Config::getSecretSalt() . '|' . $source);
}
/**
@@ -304,7 +304,7 @@ class sspmod_consent_Auth_Process_Consent extends SimpleSAML_Auth_ProcessingFilt
*/
public static function getTargetedID($userid, $source, $destination)
{
- return hash('sha1', $userid . '|' . SimpleSAML_Utilities::getSecretSalt() . '|' . $source . '|' . $destination);
+ return hash('sha1', $userid . '|' . SimpleSAML_Utils_Config::getSecretSalt() . '|' . $source . '|' . $destination);
}
/**
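Review bot: getTargetedID() joins `$source` and `$destination` with a bare `'|'`, so two different pairs whose values contain that character can yield the same input string and therefore the same hash; PersistentNameID.php and SAML2.php in this commit length-prefix each field (`strlen($idpEntityId) . ':' . $idpEntityId`) to rule that out. Since the output is presumably persisted as an identifier, changing the format would orphan existing values, so at minimum I would document it: `// Fields are '|'-joined without length prefixes; entity IDs must not contain '|'. Do not change: output is a stable identifier.` The docblock for this function starts outside the hunk.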
diff --git a/modules/consent/lib/Consent/Store/Cookie.php b/modules/consent/lib/Consent/Store/Cookie.php
index 265d36c..81ce16f 100644
--- a/modules/consent/lib/Consent/Store/Cookie.php
+++ b/modules/consent/lib/Consent/Store/Cookie.php
@@ -199,7 +199,7 @@ class sspmod_consent_Consent_Store_Cookie extends sspmod_consent_Store
{
assert('is_string($data)');
- $secretSalt = SimpleSAML_Utilities::getSecretSalt();
+ $secretSalt = SimpleSAML_Utils_Config::getSecretSalt();
return sha1($secretSalt . $data . $secretSalt) . ':' . $data;
}
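Review bot: The signature built on the `return` line is a hand-rolled `sha1(salt . data . salt)` construction rather than an HMAC, and it keys the cookie with the same global salt used elsewhere in this commit for encryption and identifier hashing. `hash_hmac('sha256', $data, $secretSalt)` is the standard primitive for this; switching invalidates consent cookies already issued, so the verifier would need to accept both formats during a transition. The verifying side is not in this hunk; it should compare signatures in constant time (`hash_equals()` where the supported PHP version provides it). The function's signature lies outside the hunk.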
diff --git a/modules/core/lib/Auth/Process/TargetedID.php b/modules/core/lib/Auth/Process/TargetedID.php
index aafdd23..4cc86ff 100644
--- a/modules/core/lib/Auth/Process/TargetedID.php
+++ b/modules/core/lib/Auth/Process/TargetedID.php
@@ -100,7 +100,7 @@ class sspmod_core_Auth_Process_TargetedID extends SimpleSAML_Auth_ProcessingFilt
}
- $secretSalt = SimpleSAML_Utilities::getSecretSalt();
+ $secretSalt = SimpleSAML_Utils_Config::getSecretSalt();
if (array_key_exists('Source', $state)) {
$srcID = self::getEntityId($state['Source']);
diff --git a/modules/saml/lib/Auth/Process/PersistentNameID.php b/modules/saml/lib/Auth/Process/PersistentNameID.php
index 5116755..3f0f478 100644
--- a/modules/saml/lib/Auth/Process/PersistentNameID.php
+++ b/modules/saml/lib/Auth/Process/PersistentNameID.php
@@ -64,7 +64,7 @@ class sspmod_saml_Auth_Process_PersistentNameID extends sspmod_saml_BaseNameIDGe
$uid = array_values($state['Attributes'][$this->attribute]); /* Just in case the first index is no longer 0. */
$uid = $uid[0];
- $secretSalt = SimpleSAML_Utilities::getSecretSalt();
+ $secretSalt = SimpleSAML_Utils_Config::getSecretSalt();
$uidData = 'uidhashbase' . $secretSalt;
$uidData .= strlen($idpEntityId) . ':' . $idpEntityId;
diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index 934a140..82b7e90 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -628,7 +628,7 @@ class sspmod_saml_IdP_SAML2 {
$idpEntityId = $idpMetadata->getString('entityid');
$spEntityId = $spMetadata->getString('entityid');
- $secretSalt = SimpleSAML_Utilities::getSecretSalt();
+ $secretSalt = SimpleSAML_Utils_Config::getSecretSalt();
$uidData = 'uidhashbase' . $secretSalt;
$uidData .= strlen($idpEntityId) . ':' . $idpEntityId;