From 11fe6327c18a73a50623b014f0e08b8d1c2fa0bf Mon Sep 17 00:00:00 2001
From: SkelSec
Date: Mon, 26 Sep 2022 23:27:49 +0200
Subject: [PATCH] adding better secrets loading

---
 minikerberos/_version.py | 2 +-
 minikerberos/common/creds.py | 71 ++++++++++++++++++++++++++++--------
 setup.py | 2 +-
 3 files changed, 57 insertions(+), 18 deletions(-)

diff --git a/minikerberos/_version.py b/minikerberos/_version.py
index 83fc369..709233e 100644
--- a/minikerberos/_version.py
+++ b/minikerberos/_version.py
@@ -1,5 +1,5 @@
-__version__ = "0.3.1"
+__version__ = "0.3.2"
 __banner__ = \
 """
 # minikerberos %s
diff --git a/minikerberos/common/creds.py b/minikerberos/common/creds.py
index 17514f0..cf8715f 100644
--- a/minikerberos/common/creds.py
+++ b/minikerberos/common/creds.py
@@ -24,7 +24,21 @@ from oscrypto.asymmetric import rsa_pkcs1v15_sign, load_private_key
 from oscrypto.keys import parse_pkcs12, parse_certificate, parse_private
-
+def get_encoded_data(data:bytes|str, encoding = 'file') -> bytes:
+ if encoding == 'file':
+ with open(data, 'rb') as kf:
+ return kf.read()
+ elif encoding == 'hex':
+ return bytes.fromhex(data)
+ elif encoding == 'b64' or encoding == 'base64':
+ if isinstance(data, str):
+ data = data.encode()
+ return base64.b64decode(data)
+ elif encoding == 'raw':
+ if isinstance(data, str):
+ data = data.encode()
+ return data
+ raise Exception('Unknown encoding "%s"!' % encoding)
 class KerberosCredential:
 def __init__(self):
@@ -116,6 +130,9 @@ def get_key_for_enctype(self, etype:EncryptionType, salt:bytes = None) -> bytes:
 raise Exception('Unsupported encryption type: %s' % etype.name)
 def get_supported_enctypes(self, as_int = True) -> List[EncryptionType]:
+ """
+ Returns a list of all EncryptionTypes this credentials can use for authentication
+ """
 supp_enctypes = collections.OrderedDict()
 if self.kerberos_key_aes_256:
 supp_enctypes[EncryptionType.AES256_CTS_HMAC_SHA1_96] = 1
@@ -146,20 +163,50 @@ def get_supported_enctypes(self, as_int = True) -> List[EncryptionType]:
 if as_int == True:
 return [etype.value for etype in supp_enctypes]
 return [etype for etype in supp_enctypes]
-
+
 @staticmethod
- def from_krbcred(keytab_file_path: str, principal: str = None, realm: str = None) -> KerberosCredential:
- return KerberosCredential.from_kirbi(keytab_file_path, principal, realm)
+ def from_keytab(keytab_file_path: str, principal: str, realm: str, encoding = 'file') -> KerberosCredential:
+ """Returns a kerberos credential object from Keytab file/data"""
+ cred = KerberosCredential()
+ cred.username = principal
+ cred.domain = realm
+ data = get_encoded_data(keytab_file_path, encoding=encoding)
+ return KerberosCredential.from_keytab_string(data, principal, realm)
+
+ @staticmethod
+ def from_ccache(data, principal: str = None, realm: str = None, encoding = 'file') -> KerberosCredential:
+ """Returns a kerberos credential object with CCACHE database"""
+ data = get_encoded_data(data, encoding=encoding)
+ k = KerberosCredential()
+ k.username = principal
+ k.domain = realm
+ k.ccache = CCACHE.from_bytes(data)
+ return k
 @staticmethod
- def from_kirbi(keytab_file_path: str, principal: str = None, realm: str = None) -> KerberosCredential:
+ def from_kirbi(keytab_file_path: str, principal: str = None, realm: str = None, encoding = 'file') -> KerberosCredential:
+ """Returns a kerberos credential object from .kirbi file"""
+ data = get_encoded_data(keytab_file_path, encoding=encoding)
 cred = KerberosCredential()
 cred.username = principal
 cred.domain = realm
- cred.ccache = CCACHE.from_kirbifile(keytab_file_path)
+ cred.ccache = CCACHE.from_kirbi(data)
 cred.ccache_spn_strict_check = False
 return cred
-
+
+ @staticmethod
+ def from_pfx(data:str, password:str, dhparams:DirtyDH = None, username:str = None, domain:str = None, encoding = 'file') -> KerberosCredential:
+ """
+ Retruns a credential object from data found in the PFX file
+ Username and domain will override the values found in the certificate
+ """
+ data = get_encoded_data(data, encoding=encoding)
+ return KerberosCredential.from_pfx_string(data, password, dhparams = dhparams, username = username, domain = domain)
+
+ @staticmethod
+ def from_krbcred(keytab_file_path: str, principal: str = None, realm: str = None) -> KerberosCredential:
+ return KerberosCredential.from_kirbi(keytab_file_path, principal, realm)
+
 @staticmethod
 def from_keytab_string(self, keytabdata: str|bytes, principal: str, realm: str) -> KerberosCredential:
 cred = KerberosCredential()
@@ -195,17 +242,9 @@ def from_keytab_string(self, keytabdata: str|bytes, principal: str, realm: str)
 return cred
- @staticmethod
- def from_keytab(keytab_file_path: str, principal: str, realm: str) -> KerberosCredential:
- cred = KerberosCredential()
- cred.username = principal
- cred.domain = realm
-
- with open(keytab_file_path, 'rb') as kf:
- return KerberosCredential.from_keytab_string(kf.read(), principal, realm)
-
 @staticmethod
 def from_ccache_file(filepath, principal: str = None, realm: str = None) -> KerberosCredential:
+ """Depricated! Use from_ccache with proper encoding instead!"""
 k = KerberosCredential()
 k.username = principal
 k.domain = realm
diff --git a/setup.py b/setup.py
index 4bb325a..803ba89 100644
--- a/setup.py
+++ b/setup.py
@@ -46,7 +46,7 @@ install_requires=[
 'asn1crypto>=1.3.0',
 'oscrypto>=1.2.1',
- 'asysocks>=0.2.0',
+ 'asysocks>=0.2.2',
 'unicrypto>=0.0.8',
 ],
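Review bot: The `hex` branch of `get_encoded_data` is the only one that does not accept `bytes`, although the annotation `data:bytes|str` advertises it: `bytes.fromhex()` requires `str`, so hex-encoded key material passed as bytes fails with a TypeError while the `b64` and `raw` branches normalize both types. Add the symmetric conversion, `if isinstance(data, bytes): data = data.decode()` before `return bytes.fromhex(data)`. The fall-through `raise Exception('Unknown encoding "%s"!' % encoding)` would be more precise as `ValueError`, and the function deserves a docstring stating that `data` is a filesystem path when `encoding='file'` and the encoded secret itself otherwise. Note also that `base64.b64decode` silently drops characters outside the alphabet unless `validate=True` is passed, so a mistyped key blob yields a wrong key rather than an error, which matters for a loader of credential material.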
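Review bot: `from_keytab` calls `KerberosCredential.from_keytab_string(data, principal, realm)` with three positional arguments, but the context lines at the end of this hunk show `from_keytab_string` declared as a `@staticmethod` whose first parameter is still `self`, so the call appears to bind `data` to `self` and fail with a missing `realm` argument; the fix is to drop `self` from that signature (outside this hunk's changed lines), and the old `from_keytab` removed in the following hunk made the same call. The `cred = KerberosCredential()`, `cred.username = principal` and `cred.domain = realm` lines in the new `from_keytab` are dead code, since `cred` is never returned or passed on. The `from_pfx` docstring misspells `Retruns`, and the `from_kirbi` and `from_ccache` docstrings would be clearer stating that `encoding` selects between a path (`'file'`) and inline data (`'hex'`, `'b64'`, `'raw'`).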
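Review bot: The new docstring on `from_ccache_file` marks it deprecated, but it is misspelled `Depricated` and a docstring alone gives callers no runtime signal; emit `warnings.warn('from_ccache_file is deprecated, use from_ccache instead', DeprecationWarning, stacklevel=2)` as the method's first statement (with `import warnings` at the top of the module) and spell it `Deprecated`. The method body continues outside the hunk.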