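#!/bin/sh
# geni s2_run_query
# using abac_prover_yap
#
# Reads the key id of each *_ID.pem certificate in the current directory with
# creddy, dumps the keystore's credentials, then asks abac_prover_yap whether
# each principal holds PA.member_(<proj>) and PA.member(<proj>).
#
# The current working directory is used as the keystore, so the script has to
# be started from the directory that holds the certificates and credentials;
# started elsewhere it evaluates whatever that directory contains.
#
# NOTE(review): the good/bad labels are only printed in the banner next to
# each query. Nothing here compares them with what the prover reports, so a
# change in the policy outcome is only noticed by reading the output.

echo "=====================s2_run_query=================="

# Resolve the prover once and call it by full path afterwards.
prover=$(command -v abac_prover_yap)
if [ -z "$prover" ]; then
  echo "ERROR: abac_prover_yap is not in the search path!!!"
  exit 1
fi

# Every key id below comes from creddy; without it all ids would be empty.
if ! command -v creddy >/dev/null 2>&1; then
  echo "ERROR: creddy is not in the search path!!!"
  exit 1
fi

keyloc=$(pwd)

# keyid NAME - print the key id creddy reports for $keyloc/NAME_ID.pem
keyid() {
  creddy --keyid --cert "$keyloc/${1}_ID.pem"
}

# g and sa are read but not referenced by any query in this script.
g=$(keyid G)
pa=$(keyid PA)
sa=$(keyid SA)
drd=$(keyid Drd)
frank=$(keyid Frank)
dan=$(keyid Dan)
jim=$(keyid Jim)
nancy=$(keyid Nancy)
lisa=$(keyid Lisa)
cary=$(keyid Cary)
alice=$(keyid Alice)

## dump all credentials
ABAC_CN=1 "$prover" --keystore "$keyloc" --dump s2_creds_dump

# runMember NAME KEYID PROJ LABEL_MEMBER_ LABEL_MEMBER
#   e.g. runMember Cary "$cary" proj1 bad good
#
#   $1 - display name of the principal (banner only)
#   $2 - key id of the principal
#   $3 - project name, passed to the role as a quoted string parameter
#   $4 - label printed in the banner of the PA.member_(PROJ) query
#   $5 - label printed in the banner of the PA.member(PROJ) query
#
# Reads the globals pa, prover and keyloc. Returns 1 without querying when
# the PA key id or the principal's key id is empty.
runMember() {
  id=$2
  proj="'$3'"

  # An empty key id would build a role or principal of the form "[keyid:]",
  # and the answer to that query says nothing about the intended principal.
  if [ -z "$pa" ] || [ -z "$id" ]; then
    echo "ERROR: missing key id for PA or $1; queries for $3 skipped" >&2
    return 1
  fi

  role="[keyid:$pa].role:member_([string:$proj])"
  prin="[keyid:$id]"
  printf ' \n'
  printf '%s\n' "===$4============ PA.member_($3)<-?-$1"
  "$prover" --keystore "$keyloc" --role "$role" --principal "$prin"

  role="[keyid:$pa].role:member([string:$proj])"
  prin="[keyid:$id]"
  printf ' \n'
  printf '%s\n' "===$5============ PA.member($3)<-?-$1"
  "$prover" --keystore "$keyloc" --role "$role" --principal "$prin"
}

## PA.member_("proj1") <- Cary
#[keyid:PA].role:member_([string:'proj1']) <-?- [keyid:Cary]
## PA.member("proj1") <- Cary
#[keyid:PA].role:member([string:'proj1']) <-?- [keyid:Cary]

# The key ids are quoted so that an empty one stays in its own argument
# position; unquoted, it would vanish and the project name would be queried
# as the principal.
runMember Frank "$frank" proj1 bad good
runMember Dan "$dan" proj1 good good
runMember Dan "$dan" proj2 good good
runMember Jim "$jim" proj1 bad good
runMember Nancy "$nancy" proj1 good good
runMember Lisa "$lisa" proj1 bad good
runMember Cary "$cary" proj1 bad good
runMember Alice "$alice" proj1 good good
runMember Drd "$drd" proj1 good good

# echo "\n\n" prints the backslashes literally in some /bin/sh
# implementations; printf gives the blank lines everywhere.
printf '\n\n\n'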