source: examples/access_tests/creddy_prover/s2_query.py @ 11ca336

mei_rt2
Last change on this file since 11ca336 was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added a couple of multi-context regression tests
6) add compression/decompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 chars for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for the attribute
rule

  • Property mode set to 100755
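#!/usr/bin/env python

"""
  s2_query.py
using python api

Runs a fixed series of role-membership queries against an ABAC context
and prints the credentials returned for each one.
"""

print("=====================s2_query.py==================")

import os
import ABAC

ctxt = ABAC.Context()

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials
# The "keystore" environment variable selects the directory. The membership
# test uses `in` because dict.has_key() no longer exists on Python 3.
# NOTE(review): whatever load_directory() reads from this directory becomes
# the policy the queries below run against, and the fallback is the current
# working directory -- run the script only from a directory whose contents
# are the intended test credentials.
if "keystore" in os.environ:
    keystore = os.environ["keystore"]
    ctxt.load_directory(keystore)
else:
    print("keystore is not set, using current directory...")
    ctxt.load_directory(".")
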
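##########################################################################
def get_next(CTXT) :
    """Print the proofs returned by successive CTXT.next_proof() calls.

    next_proof() is called until it reports failure. Each successful call
    yields a sequence of credentials, printed one per line as
    "head <- tail". Returns None once "no more.." has been printed.

    print() is used in its single-argument function form, as the other
    parenthesized print calls in this file are, so the output is the same
    on Python 2 and the block also parses on Python 3.
    """
    while True:
        print("\nnext proof:")
        success, creds = CTXT.next_proof()
        if not success:
            print("no more..\n")
            return
        for cred in creds:
            print("%s <- %s" % (cred.head_string(), cred.tail_string()))
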
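# dump the loaded principals/policies
def dump_all(CTXT,msg) :
    """Print the principals and credentials currently held by CTXT.

    msg is interpolated into the two section headings. Principals are
    printed with a "#PP#" prefix and credentials with a "#CC#" prefix, as
    "head <- tail". Only element [1] of each context_*() result is used;
    element [0] is not inspected. Returns None.

    print() is used in its single-argument function form so the output is
    the same on Python 2 and the block also parses on Python 3.
    """
    principals = CTXT.context_principals()
    print("\n...%s principal set..." % msg)
    for principal in principals[1]:
        print("#PP# %s " % principal.string())
    credentials = CTXT.context_credentials()
    print("\n...%s policy attribute set..." % msg)
    for cred in credentials[1]:
        print("#CC# %s <- %s" % (cred.head_string(), cred.tail_string()))
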
##########################################################################
# retrieve principals' keyid value from local credential files
# Each *_ID.pem file is opened through ABAC.ID and its keyid kept in a
# short module-level name used by the queries that follow.
# NOTE(review): the file names are relative paths, so they are presumably
# resolved against the current working directory rather than the
# "keystore" directory -- confirm against the test harness.
paID = ABAC.ID("PA_ID.pem")
pa = paID.id_keyid()

jimID = ABAC.ID("Jim_ID.pem")
jim = jimID.id_keyid()

nancyID = ABAC.ID("Nancy_ID.pem")
nancy = nancyID.id_keyid()

caryID = ABAC.ID("Cary_ID.pem")
cary = caryID.id_keyid()

drdID = ABAC.ID("Drd_ID.pem")
drd = drdID.id_keyid()

frankID = ABAC.ID("Frank_ID.pem")
frank = frankID.id_keyid()

##########################################################################
#dump_all(ctxt,"initial")
#ctxt.set_no_partial_proof()

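##########################################################################
# role=[keyid:PA].role:delegate_member_([string:'proj1'])
# p =[keyid:Cary]
#
# Asks the context whether Cary can be shown to hold
# PA.delegate_member_('proj1') and prints the credentials returned.
# Only out[1] is used; out[0] is not inspected -- presumably the success
# flag, as with next_proof() in get_next(); confirm. The "good" label in
# the banner is not asserted anywhere in this script.
role = ABAC.Role(pa, "delegate_member_")
param = ABAC.DataTerm("string", "'proj1'")
role.role_add_data_term(param)
p = ABAC.Role(cary)

# Single-argument print() gives the same output on Python 2 and also
# parses on Python 3.
print("\n===good============ PA.delegate_member_('proj1') <-?- Cary")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
#get_next(ctxt)
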
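##########################################################################
# role=[keyid:PA].role:member_([string:'proj1'])
# p =[keyid:Cary]
#
# Asks the context whether Cary can be shown to hold PA.member_('proj1').
# The banner labels this case "bad", presumably meaning the query is
# expected to fail. Nothing here checks that: out[0] is not inspected and
# the result is only printed, so a deny case that starts succeeding is
# caught only if the output is compared with a known-good transcript.
role = ABAC.Role(pa, "member_")
param = ABAC.DataTerm("string", "'proj1'")
role.role_add_data_term(param)
p = ABAC.Role(cary)

# Single-argument print() gives the same output on Python 2 and also
# parses on Python 3.
print("\n===bad============ PA.member_('proj1') <-?- Cary")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
#get_next(ctxt)
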
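##########################################################################
# role=[keyid:PA].role:member([string:'proj1'])
# p =[keyid:Cary]
#
# Asks the context whether Cary can be shown to hold PA.member('proj1')
# and prints the credentials returned. Only out[1] is used; the "good"
# label in the banner is not asserted by this script.
role = ABAC.Role(pa, "member")
param = ABAC.DataTerm("string", "'proj1'")
role.role_add_data_term(param)
p = ABAC.Role(cary)

# Single-argument print() gives the same output on Python 2 and also
# parses on Python 3.
print("\n===good============ PA.member('proj1') <-?- Cary")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
#get_next(ctxt)
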
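##########################################################################
# role=[keyid:PA].role:member([string:'proj1'])
# p =[keyid:Drd]
#
# Asks the context whether Drd can be shown to hold PA.member('proj1'),
# prints the credentials returned, then has get_next() print any further
# proofs. Only out[1] is used; the "good" label in the banner is not
# asserted by this script.
role = ABAC.Role(pa, "member")
param = ABAC.DataTerm("string", "'proj1'")
role.role_add_data_term(param)
p = ABAC.Role(drd)

# Single-argument print() gives the same output on Python 2 and also
# parses on Python 3.
print("\n===good============ PA.member('proj1') <-?- Drd")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
get_next(ctxt)
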
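##########################################################################
# role=[keyid:PA].role:member([string:'proj1'])
# p =[keyid:Frank]
#
# Asks the context whether Frank can be shown to hold PA.member('proj1'),
# prints the credentials returned, then has get_next() print any further
# proofs. Only out[1] is used; the "good" label in the banner is not
# asserted by this script.
role = ABAC.Role(pa, "member")
param = ABAC.DataTerm("string", "'proj1'")
role.role_add_data_term(param)
p = ABAC.Role(frank)

# Single-argument print() gives the same output on Python 2 and also
# parses on Python 3.
print("\n===good============ PA.member('proj1') <-?- Frank")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
get_next(ctxt)
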
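##########################################################################
# role=[keyid:PA].role:delegate_member_([string:'proj1'])
# p =[keyid:Jim]
#
# Asks the context whether Jim can be shown to hold
# PA.delegate_member_('proj1') and prints the credentials returned.
# Only out[1] is used; the "good" label in the banner is not asserted by
# this script.
role = ABAC.Role(pa, "delegate_member_")
param = ABAC.DataTerm("string", "'proj1'")
role.role_add_data_term(param)
p = ABAC.Role(jim)

# Single-argument print() gives the same output on Python 2 and also
# parses on Python 3.
print("\n===good============ PA.delegate_member_('proj1') <-?- Jim")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
#get_next(ctxt)
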
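##########################################################################
# role=[keyid:PA].role:member_([string:'proj1'])
# p =[keyid:Jim]
#
# The header comment used to name Cary, but the code and the banner both
# query Jim; the comment now matches them.
# The banner labels this case "bad", presumably meaning the query is
# expected to fail. Nothing here checks that: out[0] is not inspected and
# the result is only printed, so a deny case that starts succeeding is
# caught only if the output is compared with a known-good transcript.
role = ABAC.Role(pa, "member_")
param = ABAC.DataTerm("string", "'proj1'")
role.role_add_data_term(param)
p = ABAC.Role(jim)

# Single-argument print() gives the same output on Python 2 and also
# parses on Python 3.
print("\n===bad============ PA.member_('proj1') <-?- Jim")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
#get_next(ctxt)

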
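##########################################################################
# role=[keyid:PA].role:delegate_member_([string:'proj1'])
# p =[keyid:Nancy]
#
# Asks the context whether Nancy can be shown to hold
# PA.delegate_member_('proj1').
# The banner labels this case "bad", presumably meaning the query is
# expected to fail. Nothing here checks that: out[0] is not inspected and
# the result is only printed, so a deny case that starts succeeding is
# caught only if the output is compared with a known-good transcript.
role = ABAC.Role(pa, "delegate_member_")
param = ABAC.DataTerm("string", "'proj1'")
role.role_add_data_term(param)
p = ABAC.Role(nancy)

# Single-argument print() gives the same output on Python 2 and also
# parses on Python 3.
print("\n===bad============ PA.delegate_member_('proj1') <-?- Nancy")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
#get_next(ctxt)

print("\n\n")
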