ktconvertor 0.1.0__tar.gz

ktconvertor-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 pengfei liu
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

ktconvertor-0.1.0/PKG-INFO

@@ -0,0 +1,32 @@
+Metadata-Version: 2.4
+Name: ktconvertor
+Version: 0.1.0
+Summary: This tool can convert kerberos ticket of format .kirbi to standard MIT CCACHE format
+Author-email: Pengfei Liu <pengfei.liu@casd.eu>
+License: MIT
+Keywords: kerberos,ccache
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: pyasn1
+Requires-Dist: minikerberos
+Requires-Dist: asn1crypto
+Requires-Dist: typer
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == "dev"
+Requires-Dist: pytest-cov>=4.0; extra == "dev"
+Requires-Dist: black>=23.0; extra == "dev"
+Requires-Dist: isort>=5.12; extra == "dev"
+Requires-Dist: mypy>=1.0; extra == "dev"
+Dynamic: license-file
+
+# KtConvertor
+
+The objective of this project is to convert a kerberos ticket from format `.kirbi` to MIT Kerberos cache file. 
+
+
+We use the `ccache.py` of the project [minikerberos](https://github.com/skelsec/minikerberos/blob/main/minikerberos/common/ccache.py)
+
+## 
+
+

ktconvertor-0.1.0/README.md

@@ -0,0 +1,10 @@
+# KtConvertor
+
+The objective of this project is to convert a kerberos ticket from format `.kirbi` to MIT Kerberos cache file. 
+
+
+We use the `ccache.py` of the project [minikerberos](https://github.com/skelsec/minikerberos/blob/main/minikerberos/common/ccache.py)
+
+## 
+
+

ktconvertor-0.1.0/pyproject.toml

@@ -0,0 +1,41 @@
+[project]
+name = "ktconvertor"
+version = "0.1.0"
+description = "This tool can convert kerberos ticket of format .kirbi to standard MIT CCACHE format"
+readme = "README.md"
+requires-python = ">=3.11"
+
+authors = [
+    { name = "Pengfei Liu", email = "pengfei.liu@casd.eu" }
+]
+license = { text = "MIT" }
+
+keywords = ["kerberos", "ccache", ]
+
+dependencies = ["pyasn1", "minikerberos","asn1crypto", "typer"
+]
+
+[project.optional-dependencies]
+# Development dependencies (install with: pip install -e ".[dev]")
+dev = [
+    "pytest>=7.0",
+    "pytest-cov>=4.0",
+    "black>=23.0", # Code formatter
+    "isort>=5.12", # Import sorter
+    "mypy>=1.0", # Added for type checking
+]
+
+[project.scripts]
+# This allows the user to run 'convert-tgt' directly in the terminal
+convert-tgt = "ktconvertor.main:app"
+
+[build-system]
+requires = ["setuptools>=61.0"]
+build-backend = "setuptools.build_meta"
+
+# Modern project tip: Add configuration for your tools here
+[tool.black]
+line-length = 88
+
+[tool.isort]
+profile = "black"

ktconvertor-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

ktconvertor-0.1.0/src/ktconvertor/convertor.py

@@ -0,0 +1,118 @@
+import base64
+import getpass
+import os
+import sys
+from pathlib import Path
+from typing import Optional
+
+from asn1crypto import core
+from minikerberos.common.ccache import CCACHE, Credential, CCACHEPrincipal, Times, Keyblock, CCACHEOctetString
+from minikerberos.common.kirbi import Kirbi
+from minikerberos.protocol.asn1_structs import EncKrbCredPart, TicketFlags, Ticket
+
+
+def from_kirbi(kirbi: Kirbi):
+    krbcred = kirbi.kirbiobj.native
+    c = Credential()
+    enc_credinfo = EncKrbCredPart.load(krbcred['enc-part']['cipher']).native
+    ticket_info = enc_credinfo['ticket-info'][0]
+
+    c.client = CCACHEPrincipal.from_asn1(ticket_info['pname'], ticket_info['prealm'])
+    # yaaaaay 4 additional weirdness!!!!
+    # if sname name-string contains a realm as well htne impacket will crash miserably :(
+    if len(ticket_info['sname']['name-string']) > 2 and ticket_info['sname']['name-string'][-1].upper() == ticket_info[
+        'srealm'].upper():
+        print('SNAME contains the realm as well, trimming it')
+        t = ticket_info['sname']
+        t['name-string'] = t['name-string'][:-1]
+        c.server = CCACHEPrincipal.from_asn1(t, ticket_info['srealm'])
+    else:
+        c.server = CCACHEPrincipal.from_asn1(ticket_info['sname'], ticket_info['srealm'])
+
+    c.time = Times.from_asn1(ticket_info)
+    c.key = Keyblock.from_asn1(ticket_info['key'])
+    c.is_skey = 0  # not sure!
+
+    c.tktflags = TicketFlags(ticket_info['flags']).cast(core.IntegerBitString).native
+    c.num_address = 0
+    c.num_authdata = 0
+    c.ticket = CCACHEOctetString.from_asn1(
+        Ticket(krbcred['tickets'][0]).dump())  # kirbi only stores one ticket per file
+    c.second_ticket = CCACHEOctetString.empty()
+
+    return c
+
+
+def gen_cache_path(user: Optional[str] = None) -> str:
+    """
+    Generate MIT Kerberos ccache file path following OS-specific standards.
+
+    Refined to prioritize XDG specs on Linux and robust path handling on Windows.
+    """
+    if sys.platform == "darwin":
+        # macOS typically uses API-based credential caches (KCM), not flat files.
+        raise NotImplementedError("macOS uses CCAPI; file-based paths are non-standard.")
+
+    if os.name == "nt":
+        # Windows best practice: Use USERPROFILE or LOCALAPPDATA for caches
+        user = user or getpass.getuser()
+        base = Path(os.environ.get("USERPROFILE", f"C:/Users/{user}"))
+        return (base / f"krb5cc_{user}").as_posix()
+
+    # Linux / Unix / POSIX
+    # 1. Check for XDG_RUNTIME_DIR (Modern Linux standard, e.g., /run/user/1000)
+    # 2. Fallback to /tmp with UID
+    uid = os.getuid()
+    runtime_dir = os.environ.get("XDG_RUNTIME_DIR")
+
+    if runtime_dir:
+        base_path = Path(runtime_dir)
+    else:
+        base_path = Path("/tmp")
+
+    return (base_path / f"krb5cc_{uid}").as_posix()
+
+
+def convert_kirbi(src:str, dest:str=None)->str:
+    """
+     This function convert the kirbi format to MIT ccache format.
+    :param src: The path of source .kirbi file which contains the tgt binary in base64 format
+    :param dest: The path of converted MIT ccache file
+    :return:
+    """
+    # 1. Standardize path handling using Pathlib
+    # This handles ../, ./, absolute paths, and OS-specific separators ( \ vs / )
+    src_path = Path(src).expanduser().resolve()
+
+    if not src_path.exists():
+        raise FileNotFoundError(f"Source kirbi file not found: {src_path}")
+
+    # 2. Use context managers for safe File I/O
+    # This ensures the file handle is closed even if decoding fails
+    try:
+        with src_path.open("rb") as f:
+            kirbi_b64 = f.read()
+
+        # 3. Decode Base64 to raw bytes
+        kirbi_bytes = base64.b64decode(kirbi_b64)
+    except Exception as e:
+        raise ValueError(f"Failed to read or decode kirbi file: {e}")
+
+    # 4. Process the credential cache
+    cc = CCACHE.from_bytes(kirbi_bytes)
+
+    # 5. Determine destination
+    if dest:
+        dest_path = Path(dest).expanduser().resolve()
+    else:
+        # Fallback to our logic from the previous gen_cache_path function
+        dest_path = Path(gen_cache_path())
+
+    # Ensure the parent directory for the destination exists
+    dest_path.parent.mkdir(parents=True, exist_ok=True)
+
+    # 6. Write ticket to the file path
+    final_path = dest_path.as_posix()
+    cc.to_file(final_path)
+
+    return final_path

ktconvertor-0.1.0/src/ktconvertor.egg-info/PKG-INFO

@@ -0,0 +1,32 @@
+Metadata-Version: 2.4
+Name: ktconvertor
+Version: 0.1.0
+Summary: This tool can convert kerberos ticket of format .kirbi to standard MIT CCACHE format
+Author-email: Pengfei Liu <pengfei.liu@casd.eu>
+License: MIT
+Keywords: kerberos,ccache
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: pyasn1
+Requires-Dist: minikerberos
+Requires-Dist: asn1crypto
+Requires-Dist: typer
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0; extra == "dev"
+Requires-Dist: pytest-cov>=4.0; extra == "dev"
+Requires-Dist: black>=23.0; extra == "dev"
+Requires-Dist: isort>=5.12; extra == "dev"
+Requires-Dist: mypy>=1.0; extra == "dev"
+Dynamic: license-file
+
+# KtConvertor
+
+The objective of this project is to convert a kerberos ticket from format `.kirbi` to MIT Kerberos cache file. 
+
+
+We use the `ccache.py` of the project [minikerberos](https://github.com/skelsec/minikerberos/blob/main/minikerberos/common/ccache.py)
+
+## 
+
+

ktconvertor-0.1.0/src/ktconvertor.egg-info/SOURCES.txt

@@ -0,0 +1,14 @@
+LICENSE
+README.md
+pyproject.toml
+src/main.py
+src/ktconvertor/__init__.py
+src/ktconvertor/convertor.py
+src/ktconvertor.egg-info/PKG-INFO
+src/ktconvertor.egg-info/SOURCES.txt
+src/ktconvertor.egg-info/dependency_links.txt
+src/ktconvertor.egg-info/entry_points.txt
+src/ktconvertor.egg-info/requires.txt
+src/ktconvertor.egg-info/top_level.txt
+tests/test_convertor.py
+tests/test_genCachePath.py

ktconvertor-0.1.0/src/ktconvertor.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

ktconvertor-0.1.0/src/ktconvertor.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+convert-tgt = ktconvertor.main:app

ktconvertor-0.1.0/src/ktconvertor.egg-info/requires.txt

@@ -0,0 +1,11 @@
+pyasn1
+minikerberos
+asn1crypto
+typer
+
+[dev]
+pytest>=7.0
+pytest-cov>=4.0
+black>=23.0
+isort>=5.12
+mypy>=1.0

ktconvertor-0.1.0/src/ktconvertor.egg-info/top_level.txt

@@ -0,0 +1,2 @@
+ktconvertor
+main

ktconvertor-0.1.0/src/main.py

@@ -0,0 +1,53 @@
+import typer
+from pathlib import Path
+from typing import Optional
+from rich.console import Console
+
+# Adjust the import to match your package structure
+from ktconvertor.convertor import convert_kirbi
+
+# Initialize console for professional-looking output
+console = Console()
+
+app = typer.Typer(
+    name="krbconvertor",
+    help="CLI tool to convert Kerberos .kirbi tickets to MIT CCACHE format.",
+    rich_markup_mode="rich"
+)
+
+
+@app.command()
+def convert(
+        kirbi_path: Path = typer.Argument(
+            ...,
+            exists=True,
+            file_okay=True,
+            dir_okay=False,
+            readable=True,
+            resolve_path=True,
+            help="Path to the input .kirbi ticket file."
+        ),
+        ccache_path: Optional[Path] = typer.Option(
+            None,
+            "--output", "-o",
+            writable=True,
+            help="Path for the output .ccache file. If omitted, uses the default OS cache path."
+        ),
+):
+    """
+    Convert a Kerberos .kirbi ticket to .ccache format.
+    """
+    try:
+        # Convert Path object back to string if your core function requires it,
+        # though it's better if convert_kirbi handles Path objects.
+        final_path = convert_kirbi(str(kirbi_path), str(ccache_path) if ccache_path else None)
+
+        console.print(f"[bold green]✓ Success:[/bold green] Ticket converted to [cyan]{final_path}[/cyan]")
+
+    except Exception as e:
+        console.print(f"[bold red]✗ Error:[/bold red] {e}")
+        raise typer.Exit(code=1)
+
+
+if __name__ == "__main__":
+    app()

ktconvertor-0.1.0/tests/test_convertor.py

@@ -0,0 +1,16 @@
+from ktconvertor.convertor import convert_kirbi
+
+
+def test_convertor_with_given_path():
+    kirbi = "C:/Users/pliu/Documents/git/krbTicketConvertor/tests/tmp/tgt.kirbi"
+    ccache = "C:/Users/pliu/Documents/git/krbTicketConvertor/tests/tmp/tgt.ccache"
+
+    convert_kirbi(kirbi, ccache)
+
+def test_convertor_with_default_path():
+    kirbi = "C:/Users/pliu/Documents/git/krbTicketConvertor/tests/tmp/tgt.kirbi"
+    convert_kirbi(kirbi)
+
+def test_convertor_with_relative_path():
+    kirbi = "./tests/tmp/tgt.kirbi"
+    convert_kirbi(kirbi)

ktconvertor-0.1.0/tests/test_genCachePath.py

@@ -0,0 +1,55 @@
+import os
+import sys
+import pytest
+from unittest.mock import patch, MagicMock
+from pathlib import Path
+
+
+from ktconvertor.convertor import gen_cache_path
+
+
+class TestGenCachePath:
+
+    @patch("sys.platform", "darwin")
+    def test_macos_raises_error(self):
+        """Ensure macOS triggers the expected NotImplementedError."""
+        with pytest.raises(NotImplementedError, match="macOS uses CCAPI"):
+            gen_cache_path()
+
+    @patch("os.name", "nt")
+    @patch("getpass.getuser", return_value="alice")
+    @patch.dict(os.environ, {"USERPROFILE": "C:\\Users\\alice"})
+    def test_windows_path_generation(self, mock_getuser):
+        """Verify Windows path logic using environment variables."""
+        path = gen_cache_path()
+        # Pathlib handles the slash conversion, .as_posix() ensures forward slashes
+        assert path == "C:/Users/alice/krb5cc_alice"
+
+
+    @patch("os.name", "nt")
+    @patch.dict(os.environ, {"USERPROFILE": "C:\\Users\\bob"})
+    def test_explicit_user_override(self):
+        """Ensure providing a 'user' argument overrides the system user."""
+        path = gen_cache_path(user="admin")
+        assert path == "C:/Users/bob/krb5cc_admin"
+
+####### The linux os test will fail if you run under windows ###############
+# the os module is dynamic; attributes like getuid or setuid simply do not exist when Python runs on Windows.
+    @patch("os.name", "posix")
+    @patch("sys.platform", "linux")
+    @patch("os.getuid", return_value=1000)
+    @patch.dict(os.environ, {}, clear=True)
+    def test_linux_fallback_path(self, mock_uid):
+        """Verify fallback to /tmp when XDG_RUNTIME_DIR is missing.
+        """
+        path = gen_cache_path()
+        assert path == "/tmp/krb5cc_1000"
+
+    @patch("os.name", "posix")
+    @patch("sys.platform", "linux")
+    @patch("os.getuid", return_value=1000)
+    @patch.dict(os.environ, {"XDG_RUNTIME_DIR": "/run/user/1000"})
+    def test_linux_xdg_path(self, mock_uid):
+        """Verify preference for XDG_RUNTIME_DIR on modern Linux systems."""
+        path = gen_cache_path()
+        assert path == "/run/user/1000/krb5cc_1000"