В этом конкретном случае «прикручено» в Yii.
Читаем непосредственно с таблицы пользователей Jira
<?php
namespace app\models;
class User extends \yii\base\Object implements \yii\web\IdentityInterface
{
public $id;
public $username;
public $password;
public $authKey;
public $accessToken;
public $credential;
public $first_name;
public $last_name;
public $gid;
public $group_name;
public static function _init() {
if (empty(self::$users)) {
$users = \Yii::$app->db->createCommand("select c.id, c.lower_user_name username, c.credential, c.first_name, c.last_name from cwd_user c where c.active = 1")
->cache(3600)
->queryAll();
foreach ($users as $u) {
self::$users[$u['id']] = $u;
}
}
}
public static $users = [];
...............................
/**
* Validates password
*
* @param string $password password to validate
* @return boolean if password provided is valid for current user
*/
public function validatePassword($password)
{
return JiraAuth::isValidPassword($password, $this->credential);
}
}
И сам класс проверки пароля
<?php
class JiraAuth {
const DEFAULT_PREFIX = '{PKCS5S2}';
const DEFAULT_SALT_LENGTH_BYTES = 16;
public static function isValidPassword($password, $credential) {
$ret = false;
if ( strrpos($credential, JiraAuth::DEFAULT_PREFIX) === false)
return $ret;
$credential = substr($credential, strlen(JiraAuth::DEFAULT_PREFIX)-1);
$binSaltAndKey = base64_decode($credential);
if (strlen($binSaltAndKey)<48)
return $ret;
$salt = substr($binSaltAndKey,0,JiraAuth::DEFAULT_SALT_LENGTH_BYTES);
$oldKey = bin2hex(substr($binSaltAndKey,JiraAuth::DEFAULT_SALT_LENGTH_BYTES));
$newKey = hash_pbkdf2('sha1', $password, $salt, 10000, 64);
return ($oldKey == $newKey);
}
}
Замечание, PHP нужен от 5.5, а JIRA была версии v6.3