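#!/bin/sh
# geni s3_run_query
# using abac_prover_yap
#
# Runs a fixed list of ABAC role-membership queries through abac_prover_yap,
# using the current directory both as the keystore and as the location of the
# *_ID.pem identity certificates. Each query is preceded by a banner that
# carries the outcome the author expects ("good" or "bad").
#
# NOTE(review): the expected outcome is only printed. Nothing here compares it
# with what the prover reports, so a query labelled "bad" that starts to
# succeed will not fail the run; the output has to be checked by a human or a
# wrapper. Confirm the prover's exit-status convention before automating that.
#
# No `set -e`: whether a failed proof exits non-zero is not visible from this
# script, and the remaining queries should still run in that case.
set -u

echo "=====================s3_run_query=================="

# Resolve the prover once via PATH and call it by its resolved path afterwards.
prover=$(command -v abac_prover_yap) || prover=""
if [ -z "$prover" ]; then
  echo "ERROR: abac_prover_yap is not in the search path!!!" >&2
  exit 1
fi

# Keystore and identity certificates are taken from the working directory.
keyloc=$(pwd)

# keyid_of CERT_FILE
# Prints the key id creddy derives from $keyloc/CERT_FILE.
# Returns non-zero when creddy fails or prints nothing: an empty id would turn
# the principal into "[keyid:]" and make the query result meaningless.
keyid_of() {
  kid=$(creddy --keyid --cert "$keyloc/$1") || kid=""
  if [ -z "$kid" ]; then
    echo "ERROR: could not read a key id from $keyloc/$1" >&2
    return 1
  fi
  printf '%s\n' "$kid"
}

# Only the identities referenced by the queries below are resolved.
pa=$(keyid_of PA_ID.pem) || exit 1
frank=$(keyid_of Frank_ID.pem) || exit 1
dan=$(keyid_of Dan_ID.pem) || exit 1
lisa=$(keyid_of Lisa_ID.pem) || exit 1
john=$(keyid_of John_ID.pem) || exit 1
joe=$(keyid_of Joe_ID.pem) || exit 1
tim=$(keyid_of Tim_ID.pem) || exit 1
james=$(keyid_of James_ID.pem) || exit 1

## dump all credentials
env ABAC_CN=1 "$prover" --keystore "$keyloc" --dump s3_creds_dump

# run_query BANNER ROLE PRINCIPAL
# Prints the banner, then asks the prover whether PRINCIPAL holds ROLE.
run_query() {
  printf ' \n'
  printf '%s\n' "$1"
  "$prover" --keystore "$keyloc" --role "$2" --principal "$3"
}

# runMember NAME KEYID WHAT EXPECT_Q_ EXPECT_Q
#   NAME       label printed in the banner
#   KEYID      key id used as the principal
#   WHAT       string argument of the role (e.g. info, stop)
#   EXPECT_Q_  outcome label printed for the PA.memberQ_ query
#   EXPECT_Q   outcome label printed for the PA.memberQ query
# Banner text is kept byte-identical to what the script has always printed
# (proj1 appears without double quotes).
runMember() {
  id=$2
  what="'$3'"
  prin="[keyid:$id]"

  role="[keyid:$pa].role:memberQ_([string:'proj1'],[string:$what])"
  run_query "===$4============ PA.memberQ_(proj1,$what)<-?-$1" "$role" "$prin"

  role="[keyid:$pa].role:memberQ([string:'proj1'],[string:$what])"
  run_query "===$5============ PA.memberQ(proj1,$what)<-?-$1" "$role" "$prin"
}

runMember Dan "$dan" info bad good
runMember Dan "$dan" stop bad good
runMember Frank "$frank" info good good
runMember Frank "$frank" stop good good
runMember James "$james" info bad good
runMember James "$james" stop bad good
runMember Lisa "$lisa" info bad good
runMember Lisa "$lisa" stop bad good
runMember Tim "$tim" info good good
runMember Tim "$tim" stop good good

## special case: the role is issued by John rather than PA.
role="[keyid:$john].role:memberQ([string:'proj2'],[string:'info'])"
prin="[keyid:$joe]"
# Single-quoted so the banner, including its literal "$ Joe", prints unchanged.
run_query '===good============ John.memberQ(proj2,info)<-?-$ Joe' "$role" "$prin"

# printf instead of echo "\n\n": echo's backslash handling differs between
# /bin/sh implementations.
printf '\n\n\n'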