1 files changed, 65 insertions, 0 deletions
diff --git a/Core/Encoder/MessageDigestPasswordEncoder.php b/Core/Encoder/MessageDigestPasswordEncoder.php
new file mode 100644
index 0000000..811dd4c
--- /dev/null
+++ b/Core/Encoder/MessageDigestPasswordEncoder.php
@@ -0,0 +1,65 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien.potencier@symfony-project.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Encoder;
+
+/**
+ * MessageDigestPasswordEncoder uses a message digest algorithm.
+ *
+ * @author Fabien Potencier <fabien.potencier@symfony-project.com>
+ */
+class MessageDigestPasswordEncoder extends BasePasswordEncoder
+{
+    protected $algorithm;
+    protected $encodeHashAsBase64;
+
+    /**
+     * Constructor.
+     *
+     * @param string  $algorithm          The digest algorithm to use
+     * @param Boolean $encodeHashAsBase64 Whether to base64 encode the password hash
+     * @param integer $iterations         The number of iterations to use to stretch the password hash
+     */
+    public function __construct($algorithm = 'sha256', $encodeHashAsBase64 = false, $iterations = 1)
+    {
+        $this->algorithm = $algorithm;
+        $this->encodeHashAsBase64 = $encodeHashAsBase64;
+        $this->iterations = $iterations;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function encodePassword($raw, $salt)
+    {
+        if (!in_array($this->algorithm, hash_algos(), true)) {
+            throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $this->algorithm));
+        }
+
+        $salted = $this->mergePasswordAndSalt($raw, $salt);
+        $digest = hash($this->algorithm, $salted, true);
+
+        // "stretch" hash
+        for ($i = 1; $i < $this->iterations; $i++) {
+            $digest = hash($this->algorithm, $digest, true);
+        }
+
+        return $this->encodeHashAsBase64 ? base64_encode($digest) : bin2hex($digest);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function isPasswordValid($encoded, $raw, $salt)
+    {
+        return $this->comparePasswords($encoded, $this->encodePassword($raw, $salt));
+    }
+}