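#!/bin/sh
# geni s1_run_query
# using abac_prover_yap
#
# Runs a fixed set of ABAC proof queries against the credentials stored in the
# current directory, which is used as the keystore. It must be run from the
# directory that holds G_ID.pem, PA_ID.pem and SA_ID.pem.
#
# Each query is announced with a "===good===" or "===bad===" banner stating the
# outcome the author expects. The script only prints the prover output; it does
# not compare the result with that expectation.
# NOTE(review): for an access-control regression check, a "bad" query that
# starts succeeding should fail the run. If abac_prover_yap reports the proof
# result through its exit status or a stable output line, assert it in
# run_query -- confirm against the prover's documentation.

# Catch typos in variable names instead of silently expanding them to "".
# set -e is deliberately not used: a query that is expected to fail may make
# the prover exit non-zero, and the remaining queries must still run.
set -u

echo "=====================s1_run_query=================="

# Resolve the prover once and call it by its full path afterwards. Using the
# resolved path directly avoids cutting the directory out with sed, which
# removed the first "/abac_prover_yap" in the path and so broke when a parent
# directory carried the same name.
prover=$(command -v abac_prover_yap)
if [ -z "$prover" ]; then
  # Diagnostics go to stderr so they are not mixed into captured query output.
  echo "ERROR: abac_prover_yap is not in the search path!!!" >&2
  exit 1
fi

if ! command -v creddy >/dev/null 2>&1; then
  echo "ERROR: creddy is not in the search path!!!" >&2
  exit 1
fi

keyloc=$(pwd)

# Print the key id of the identity certificate given as $1.
# Exits non-zero when creddy produces no id (missing or unreadable
# certificate), so a query is never built around an empty "[keyid:]".
key_id() {
  id=$(creddy --keyid --cert "$1")
  if [ -z "$id" ]; then
    echo "ERROR: could not read a key id from $1" >&2
    exit 1
  fi
  printf '%s\n' "$id"
}

# key_id runs in a command substitution, so its exit only leaves the subshell;
# the "|| exit 1" propagates the failure to the script.
g=$(key_id "$keyloc/G_ID.pem") || exit 1
pa=$(key_id "$keyloc/PA_ID.pem") || exit 1
sa=$(key_id "$keyloc/SA_ID.pem") || exit 1

# Print the banner $1, then ask the prover whether principal $3 is in role $2.
# All expansions are quoted so a keystore path containing spaces or glob
# characters is passed as a single argument.
run_query() {
  echo " "
  printf '%s\n' "$1"
  "$prover" --keystore "$keyloc" --role "$2" --principal "$3"
}

## dump all credentials
env ABAC_CN=1 "$prover" --keystore "$keyloc" --dump s1_creds_dump

## PA.std_ops <- "info"
#[keyid:PA].oset:std_ops <-?- [string:'info'] (yes)
run_query "===good============ PA.std_ops<-?-info" \
  "[keyid:$pa].oset:std_ops" "[string:'info']"

#[keyid:G].oset:qualifiedProject <-?- [string:'proj1'] (yes)
run_query "===good============ G.qualifiedProject<-?-proj1" \
  "[keyid:$g].oset:qualifiedProject" "[string:'proj1']"

#[keyid:G].oset:qualifiedProject <-?- [string:'projX'] (no)
run_query "===bad============ G.qualifiedProject<-?-projX" \
  "[keyid:$g].oset:qualifiedProject" "[string:'projX']"

#[keyid:SA].oset:inStdProject <-?- [string:'proj1']
# The banner marks this query as bad; the original comment gives no (yes)/(no)
# annotation -- presumably (no), confirm against the credential set.
run_query "===bad============ SA.inStdProject<-?-proj1" \
  "[keyid:$sa].oset:inStdProject" "[string:'proj1']"

# echo "\n\n" prints blank lines only in shells whose echo interprets
# backslashes; printf gives the same blank lines under every /bin/sh.
printf '\n\n\n'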