1 | #!/usr/bin/env python |
---|
2 | |
---|
3 | """ |
---|
4 | s4_query.py |
---|
5 | using python api |
---|
6 | |
---|
7 | """ |
---|
8 | |
---|
9 | print("=====================s4_query.py==================") |
---|
10 | |
---|
11 | import os |
---|
12 | import ABAC |
---|
13 | |
---|
14 | ctxt = ABAC.Context() |
---|
15 | |
---|
16 | # Keystore is the directory containing the principal credentials. |
---|
17 | # Load existing principals and/or policy credentials |
---|
18 | if (os.environ.has_key("keystore")) : |
---|
19 | keystore=os.environ["keystore"] |
---|
20 | ctxt.load_directory(keystore) |
---|
21 | else: |
---|
22 | print("keystore is not set, using current directory...") |
---|
23 | ctxt.load_directory(".") |
---|
24 | |
---|
25 | ########################################################################## |
---|
26 | def get_next(CTXT) : |
---|
27 | while( 1 ) : |
---|
28 | print ("\nnext proof:") |
---|
29 | (success, out) = CTXT.next_proof() |
---|
30 | if(success) : |
---|
31 | for c in out: |
---|
32 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
33 | else: |
---|
34 | print("no more..\n") |
---|
35 | return |
---|
36 | |
---|
37 | # dump the loaded principals/policies |
---|
38 | def dump_all(CTXT,msg) : |
---|
39 | out = CTXT.context_principals() |
---|
40 | print "\n...%s principal set..." % msg |
---|
41 | for x in out[1]: |
---|
42 | print "#PP# %s " % x.string() |
---|
43 | out = CTXT.context_credentials() |
---|
44 | print "\n...%s policy attribute set..." %msg |
---|
45 | for c in out[1]: |
---|
46 | print "#CC# %s <- %s" % (c.head_string(), c.tail_string()) |
---|
47 | |
---|
48 | ########################################################################## |
---|
49 | # retrieve principals' keyid value from local credential files |
---|
50 | saID=ABAC.ID("SA_ID.pem"); |
---|
51 | sa=saID.id_keyid() |
---|
52 | |
---|
53 | jimID=ABAC.ID("Jim_ID.pem"); |
---|
54 | jim=jimID.id_keyid() |
---|
55 | |
---|
56 | nancyID=ABAC.ID("Nancy_ID.pem"); |
---|
57 | nancy=nancyID.id_keyid() |
---|
58 | |
---|
59 | caryID=ABAC.ID("Cary_ID.pem"); |
---|
60 | cary=caryID.id_keyid() |
---|
61 | |
---|
62 | drdID=ABAC.ID("Drd_ID.pem"); |
---|
63 | drd=drdID.id_keyid() |
---|
64 | |
---|
65 | frankID=ABAC.ID("Frank_ID.pem"); |
---|
66 | frank=frankID.id_keyid() |
---|
67 | |
---|
68 | ########################################################################## |
---|
69 | #dump_all(ctxt,"initial") |
---|
70 | #ctxt.set_no_partial_proof() |
---|
71 | |
---|
72 | ########################################################################## |
---|
73 | # role=[keyid:SA].role:controls([string:'sliceA']) |
---|
74 | # p =[keyid:Frank] |
---|
75 | # |
---|
76 | role=ABAC.Role(sa,"controls") |
---|
77 | param=ABAC.DataTerm("string", "'sliceA'") |
---|
78 | role.role_add_data_term(param) |
---|
79 | p = ABAC.Role(frank) |
---|
80 | |
---|
81 | print "\n===good============ SA.controls('sliceA') <-?- Frank" |
---|
82 | out = ctxt.query(role, p) |
---|
83 | for c in out[1]: |
---|
84 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
85 | get_next(ctxt) |
---|
86 | |
---|
87 | ########################################################################## |
---|
88 | # role=[keyid:SA].role:delegate_controls_([string:'sliceA']) |
---|
89 | # p =[keyid:Cary] |
---|
90 | # |
---|
91 | role=ABAC.Role(sa,"delegate_controls_") |
---|
92 | param=ABAC.DataTerm("string", "'sliceA'") |
---|
93 | role.role_add_data_term(param) |
---|
94 | p = ABAC.Role(cary) |
---|
95 | |
---|
96 | print "\n===good============ SA.delegate_controls_('sliceA') <-?- Cary" |
---|
97 | out = ctxt.query(role, p) |
---|
98 | for c in out[1]: |
---|
99 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
100 | #get_next(ctxt) |
---|
101 | |
---|
102 | ########################################################################## |
---|
103 | # role=[keyid:SA].role:controls_([string:'sliceA']) |
---|
104 | # p =[keyid:Cary] |
---|
105 | # |
---|
106 | role=ABAC.Role(sa,"controls_") |
---|
107 | param=ABAC.DataTerm("string", "'sliceA'") |
---|
108 | role.role_add_data_term(param) |
---|
109 | p = ABAC.Role(cary) |
---|
110 | |
---|
111 | print "\n===bad============ SA.controls_('sliceA') <-?- Cary" |
---|
112 | out = ctxt.query(role, p) |
---|
113 | for c in out[1]: |
---|
114 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
115 | #get_next(ctxt) |
---|
116 | |
---|
117 | ########################################################################## |
---|
118 | # role=[keyid:SA].role:controls([string:'sliceA']) |
---|
119 | # p =[keyid:Drd] |
---|
120 | role=ABAC.Role(sa,"controls") |
---|
121 | param=ABAC.DataTerm("string", "'sliceA'") |
---|
122 | role.role_add_data_term(param) |
---|
123 | p = ABAC.Role(drd) |
---|
124 | |
---|
125 | print "\n===good============ SA.controls('sliceA') <-?- Drd" |
---|
126 | out = ctxt.query(role, p) |
---|
127 | for c in out[1]: |
---|
128 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
129 | get_next(ctxt) |
---|
130 | |
---|
131 | ########################################################################## |
---|
132 | # role=[keyid:SA].role:controls([string:'sliceA']) |
---|
133 | # p =[keyid:Cary] |
---|
134 | # |
---|
135 | role=ABAC.Role(sa,"controls") |
---|
136 | param=ABAC.DataTerm("string", "'sliceA'") |
---|
137 | role.role_add_data_term(param) |
---|
138 | p = ABAC.Role(cary) |
---|
139 | |
---|
140 | print "\n===good============ SA.controls('sliceA') <-?- Cary" |
---|
141 | out = ctxt.query(role, p) |
---|
142 | for c in out[1]: |
---|
143 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
144 | #get_next(ctxt) |
---|
145 | |
---|
146 | ########################################################################## |
---|
147 | # role=[keyid:SA].role:delegate_controls_([string:'sliceA']) |
---|
148 | # p =[keyid:Jim] |
---|
149 | # |
---|
150 | role=ABAC.Role(sa,"delegate_controls_") |
---|
151 | param=ABAC.DataTerm("string", "'sliceA'") |
---|
152 | role.role_add_data_term(param) |
---|
153 | p = ABAC.Role(jim) |
---|
154 | |
---|
155 | print "\n===good============ SA.delegate_controls_('sliceA') <-?- Jim" |
---|
156 | out = ctxt.query(role, p) |
---|
157 | for c in out[1]: |
---|
158 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
159 | #get_next(ctxt) |
---|
160 | |
---|
161 | ########################################################################## |
---|
162 | # role=[keyid:SA].role:controls_([string:'sliceA']) |
---|
163 | # p =[keyid:Cary] |
---|
164 | # |
---|
165 | role=ABAC.Role(sa,"controls_") |
---|
166 | param=ABAC.DataTerm("string", "'sliceA'") |
---|
167 | role.role_add_data_term(param) |
---|
168 | p = ABAC.Role(jim) |
---|
169 | |
---|
170 | print "\n===bad============ SA.controls_('sliceA') <-?- Jim" |
---|
171 | out = ctxt.query(role, p) |
---|
172 | for c in out[1]: |
---|
173 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
174 | #get_next(ctxt) |
---|
175 | |
---|
176 | |
---|
177 | ########################################################################## |
---|
178 | # role=[keyid:SA].role:delegate_controls_([string:'sliceA']) |
---|
179 | # p =[keyid:Nancy] |
---|
180 | # |
---|
181 | role = ABAC.Role(sa,"delegate_controls_") |
---|
182 | param=ABAC.DataTerm("string", "'sliceA'") |
---|
183 | role.role_add_data_term(param) |
---|
184 | p = ABAC.Role(nancy) |
---|
185 | |
---|
186 | print "\n===bad============ SA.delegate_controls_('sliceA') <-?- Nancy" |
---|
187 | out = ctxt.query(role, p) |
---|
188 | for c in out[1]: |
---|
189 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
190 | #get_next(ctxt) |
---|
191 | |
---|
192 | print("\n\n") |
---|
193 | |
---|