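#!/usr/bin/env python
"""
s4_query.py using python api

Loads ABAC principal and policy credentials from a keystore directory and
runs a fixed series of role queries against them, printing the credential
chain each query returns.

Role notation used in the comments below:
    role = [keyid:SA].role:<name>([string:'sliceA'])
    p    = [keyid:<principal>]
"""
import os
import sys

# Every print call takes one parenthesised argument, so the output is the same
# whether print is the Python 2 statement or the Python 3 function.
print("=====================s4_query.py==================")

# Imported after the banner so the banner stays the first line of output.
import ABAC

ctxt = ABAC.Context()

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials.
# Everything found in that directory feeds the proofs computed below, so it
# should be writable only by whoever administers the policy. When "keystore"
# is unset the current directory is used, which makes the answers depend on
# where the script is started from.
if "keystore" in os.environ:
    keystore = os.environ["keystore"]
    ctxt.load_directory(keystore)
else:
    print("keystore is not set, using current directory...")
    ctxt.load_directory(".")


##########################################################################
def _print_chain(creds):
    """Print one 'head <- tail' line per credential in *creds*."""
    for c in creds:
        print("%s <- %s" % (c.head_string(), c.tail_string()))


def get_next(CTXT):
    """Print the results of successive CTXT.next_proof() calls.

    Stops, after printing "no more..", at the first call whose success flag
    is false.
    """
    while True:
        print("\nnext proof:")
        (success, out) = CTXT.next_proof()
        if not success:
            print("no more..\n")
            return
        _print_chain(out)


# dump the loaded principals/policies
def dump_all(CTXT, msg):
    """Print every principal and every policy credential held by *CTXT*.

    *msg* is interpolated into the two section headers. Principal lines are
    prefixed with "#PP#" and credential lines with "#CC#".
    """
    out = CTXT.context_principals()
    print("\n...%s principal set..." % msg)
    for x in out[1]:
        print("#PP# %s " % x.string())
    out = CTXT.context_credentials()
    print("\n...%s policy attribute set..." % msg)
    for c in out[1]:
        print("#CC# %s <- %s" % (c.head_string(), c.tail_string()))


def run_query(CTXT, issuer, role_name, subject, subject_label, expected,
              more=False):
    """Ask whether *subject* holds issuer.role_name('sliceA') and print the result.

    Standard output is unchanged from the earlier copy-pasted query sections:
    a banner carrying the *expected* label, then one line per credential
    returned by CTXT.query(). The success flag that query() returns alongside
    the credentials, which used to be dropped, is now reported on stderr.

    *more* additionally walks the remaining proofs with get_next().
    """
    role = ABAC.Role(issuer, role_name)
    # Bound to a local name so the term object stays alive until the query
    # (and any get_next() walk) has finished, as it did when it was a global.
    param = ABAC.DataTerm("string", "'sliceA'")
    role.role_add_data_term(param)
    p = ABAC.Role(subject)
    print("\n===%s============ SA.%s('sliceA') <-?- %s"
          % (expected, role_name, subject_label))
    out = CTXT.query(role, p)
    _print_chain(out[1])

    # The access decision is out[0], not whether any credentials were listed.
    # NOTE(review): the set_no_partial_proof() toggle kept below suggests the
    # credential list can hold a partial proof when the query fails; confirm
    # against the libabac build in use.
    if out[0]:
        verdict = "succeeded"
    else:
        verdict = "FAILED (any credentials printed for it are not a proof)"
    sys.stderr.write("[%s] SA.%s('sliceA') <-?- %s: query %s\n"
                     % (expected, role_name, subject_label, verdict))

    if more:
        get_next(CTXT)


##########################################################################
# retrieve principals' keyid value from local credential files
# (the *ID objects are kept in module scope, as before)
saID = ABAC.ID("SA_ID.pem")
sa = saID.id_keyid()
jimID = ABAC.ID("Jim_ID.pem")
jim = jimID.id_keyid()
nancyID = ABAC.ID("Nancy_ID.pem")
nancy = nancyID.id_keyid()
caryID = ABAC.ID("Cary_ID.pem")
cary = caryID.id_keyid()
drdID = ABAC.ID("Drd_ID.pem")
drd = drdID.id_keyid()
frankID = ABAC.ID("Frank_ID.pem")
frank = frankID.id_keyid()

##########################################################################
# Debugging toggles, left disabled as in the original:
#dump_all(ctxt,"initial")
#ctxt.set_no_partial_proof()

##########################################################################
# (role name, subject keyid, subject label, banner label, walk further proofs)
# The "good"/"bad" label is only printed; it is presumably the outcome the
# author expects, and nothing here enforces it.
# The seventh entry queries Jim: the old section header comment named Cary,
# but both the code and the banner used Jim.
QUERIES = (
    ("controls", frank, "Frank", "good", True),
    ("delegate_controls_", cary, "Cary", "good", False),
    ("controls_", cary, "Cary", "bad", False),
    ("controls", drd, "Drd", "good", True),
    ("controls", cary, "Cary", "good", False),
    ("delegate_controls_", jim, "Jim", "good", False),
    ("controls_", jim, "Jim", "bad", False),
    ("delegate_controls_", nancy, "Nancy", "bad", False),
)

for (role_name, subject, subject_label, expected, more) in QUERIES:
    run_query(ctxt, sa, role_name, subject, subject_label, expected, more)

print("\n\n")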