4 files changed, 23 insertions, 33 deletions

diff --git a/Core/Util/ClassUtils.php b/Core/Util/ClassUtils.php
index 6c87096..06186ef 100644
--- a/Core/Util/ClassUtils.php
+++ b/Core/Util/ClassUtils.php
@@ -11,13 +11,15 @@
 
 namespace Symfony\Component\Security\Core\Util;
 
-use Doctrine\Common\Util\ClassUtils as DoctrineClassUtils;
+use Symfony\Component\Security\Acl\Util\ClassUtils as AclClassUtils;
+
+@trigger_error('The '.__NAMESPACE__.'\ClassUtils class is deprecated since version 2.8, to be removed in 3.0. Use Symfony\Component\Security\Acl\Util\ClassUtils instead.', E_USER_DEPRECATED);
 
 /**
  * Class related functionality for objects that
  * might or might not be proxy objects at the moment.
  *
- * @see DoctrineClassUtils
+ * @deprecated ClassUtils is deprecated since version 2.8, to be removed in 3.0. Use Acl ClassUtils instead.
  *
  * @author Benjamin Eberlei <kontakt@beberlei.de>
  * @author Johannes Schmitt <schmittjoh@gmail.com>
@@ -54,6 +56,11 @@ class ClassUtils
      */
     public static function getRealClass($object)
     {
+        if (class_exists('Symfony\Component\Security\Acl\Util\ClassUtils')) {
+            return AclClassUtils::getRealClass($object);
+        }
+
+        // fallback in case security-acl is not installed
         $class = is_object($object) ? get_class($object) : $object;
 
         if (false === $pos = strrpos($class, '\\'.self::MARKER.'\\')) {
diff --git a/Core/Util/SecureRandom.php b/Core/Util/SecureRandom.php
index 478f556..06ed893 100644
--- a/Core/Util/SecureRandom.php
+++ b/Core/Util/SecureRandom.php
@@ -11,11 +11,15 @@
 
 namespace Symfony\Component\Security\Core\Util;
 
+@trigger_error('The '.__NAMESPACE__.'\SecureRandom class is deprecated since version 2.8 and will be removed in 3.0. Use the random_bytes() function instead.', E_USER_DEPRECATED);
+
 /**
  * A secure random number generator implementation.
  *
  * @author Fabien Potencier <fabien@symfony.com>
  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ *
+ * @deprecated since version 2.8, to be removed in 3.0. Use the random_bytes function instead
  */
 final class SecureRandom implements SecureRandomInterface
 {
diff --git a/Core/Util/SecureRandomInterface.php b/Core/Util/SecureRandomInterface.php
index 87d3ace..df5509b 100644
--- a/Core/Util/SecureRandomInterface.php
+++ b/Core/Util/SecureRandomInterface.php
@@ -15,6 +15,8 @@ namespace Symfony\Component\Security\Core\Util;
  * Interface that needs to be implemented by all secure random number generators.
  *
  * @author Fabien Potencier <fabien@symfony.com>
+ *
+ * @deprecated since version 2.8, to be removed in 3.0. Use the random_bytes function instead
  */
 interface SecureRandomInterface
 {
diff --git a/Core/Util/StringUtils.php b/Core/Util/StringUtils.php
index 343585c..bb0c8b2 100644
--- a/Core/Util/StringUtils.php
+++ b/Core/Util/StringUtils.php
@@ -11,10 +11,16 @@
 
 namespace Symfony\Component\Security\Core\Util;
 
+@trigger_error('The '.__NAMESPACE__.'\\StringUtils class is deprecated since version 2.8 and will be removed in 3.0. Use hash_equals() instead.', E_USER_DEPRECATED);
+
+use Symfony\Polyfill\Util\Binary;
+
 /**
  * String utility functions.
  *
  * @author Fabien Potencier <fabien@symfony.com>
+ *
+ * @deprecated since 2.8, to be removed in 3.0.
  */
 class StringUtils
 {
@@ -47,25 +53,7 @@ class StringUtils
             $userInput = (string) $userInput;
         }
 
-        if (function_exists('hash_equals')) {
-            return hash_equals($knownString, $userInput);
-        }
-
-        $knownLen = self::safeStrlen($knownString);
-        $userLen = self::safeStrlen($userInput);
-
-        if ($userLen !== $knownLen) {
-            return false;
-        }
-
-        $result = 0;
-
-        for ($i = 0; $i < $knownLen; ++$i) {
-            $result |= (ord($knownString[$i]) ^ ord($userInput[$i]));
-        }
-
-        // They are only identical strings if $result is exactly 0...
-        return 0 === $result;
+        return hash_equals($knownString, $userInput);
     }
 
     /**
@@ -77,17 +65,6 @@ class StringUtils
      */
     public static function safeStrlen($string)
     {
-        // Premature optimization
-        // Since this cannot be changed at runtime, we can cache it
-        static $funcExists = null;
-        if (null === $funcExists) {
-            $funcExists = function_exists('mb_strlen');
-        }
-
-        if ($funcExists) {
-            return mb_strlen($string, '8bit');
-        }
-
-        return strlen($string);
+        return Binary::strlen($string);
     }
 }