source: examples/access_tests/creddy_prover/s4_query.py @ 11ca336

mei_rt2
Last change on this file since 11ca336 was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule

  • Property mode set to 100755
File size: 5.4 KB
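#!/usr/bin/env python

"""
s4_query.py

Query a loaded ABAC context through the Python API and print the proof
credentials returned for a fixed set of role/principal pairs.
"""

print("=====================s4_query.py==================")

import os
import ABAC

ctxt = ABAC.Context()

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials.
# NOTE(review): load_directory() presumably picks up every credential file it
# finds, and each one can then contribute to a proof -- so "keystore" (or the
# current directory in the fallback branch) should hold only trusted files.
if "keystore" in os.environ:
    # `in` replaces dict.has_key(), which Python 3 no longer provides.
    keystore = os.environ["keystore"]
    ctxt.load_directory(keystore)
else:
    print("keystore is not set, using current directory...")
    ctxt.load_directory(".")
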
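##########################################################################
def get_next(CTXT):
    """Print the proofs CTXT.next_proof() returns until it reports failure.

    Each call to CTXT.next_proof() yields a (success, credentials) pair.
    While success is true, every credential is printed as "head <- tail";
    the first unsuccessful call prints "no more.." and ends the loop.

    Returns None.  The loop has no iteration cap, so it only terminates
    once next_proof() reports failure.
    """
    while True:
        print("\nnext proof:")
        (success, out) = CTXT.next_proof()
        if not success:
            print("no more..\n")
            return
        for c in out:
            # Parenthesised form prints the same text on Python 2 and 3.
            print("%s <- %s" % (c.head_string(), c.tail_string()))
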
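# dump the loaded principals/policies
def dump_all(CTXT, msg):
    """Print the principals and credentials currently held by CTXT.

    CTXT.context_principals() and CTXT.context_credentials() each return an
    indexable result whose element [1] is the list that gets printed;
    element [0] is not inspected here.  msg is inserted into both section
    headings.  Principals are prefixed "#PP#", credentials "#CC#".

    Returns None.
    """
    principals = CTXT.context_principals()
    print("\n...%s principal set..." % msg)
    for x in principals[1]:
        print("#PP# %s " % x.string())
    credentials = CTXT.context_credentials()
    print("\n...%s policy attribute set..." % msg)
    for c in credentials[1]:
        print("#CC# %s <- %s" % (c.head_string(), c.tail_string()))
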
##########################################################################
# Retrieve each principal's keyid from its local credential file.
# The file names are relative paths, so they resolve against the current
# working directory, independently of where "keystore" points.
saID = ABAC.ID("SA_ID.pem")
sa = saID.id_keyid()

jimID = ABAC.ID("Jim_ID.pem")
jim = jimID.id_keyid()

nancyID = ABAC.ID("Nancy_ID.pem")
nancy = nancyID.id_keyid()

caryID = ABAC.ID("Cary_ID.pem")
cary = caryID.id_keyid()

drdID = ABAC.ID("Drd_ID.pem")
drd = drdID.id_keyid()

frankID = ABAC.ID("Frank_ID.pem")
frank = frankID.id_keyid()

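##########################################################################
# Debugging toggles, left disabled:
#dump_all(ctxt,"initial")
#ctxt.set_no_partial_proof()

##########################################################################
# role=[keyid:SA].role:controls([string:'sliceA'])
# p =[keyid:Frank]
#
# NOTE(review): only out[1] is printed.  out[0] (presumably the success
# flag, as in next_proof()'s (success, out) pair -- confirm) is never
# checked, so the "good" label is an expectation, not a verified result;
# pass/fail has to come from comparing this output with a known transcript.
role = ABAC.Role(sa, "controls")
param = ABAC.DataTerm("string", "'sliceA'")
role.role_add_data_term(param)
p = ABAC.Role(frank)

print("\n===good============ SA.controls('sliceA') <-?- Frank")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
get_next(ctxt)
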
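##########################################################################
# role=[keyid:SA].role:delegate_controls_([string:'sliceA'])
# p =[keyid:Cary]
#
# NOTE(review): out[0] is not inspected; the "good" label below is the
# expected outcome only and is not asserted by this script.
role = ABAC.Role(sa, "delegate_controls_")
param = ABAC.DataTerm("string", "'sliceA'")
role.role_add_data_term(param)
p = ABAC.Role(cary)

print("\n===good============ SA.delegate_controls_('sliceA') <-?- Cary")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
#get_next(ctxt)
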
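##########################################################################
# role=[keyid:SA].role:controls_([string:'sliceA'])
# p =[keyid:Cary]
#
# NOTE(review): labelled "bad", i.e. presumably a query that must NOT be
# provable -- confirm.  out[0] is not inspected, so an unintended grant
# would only show up as unexpected "head <- tail" lines in the output.
role = ABAC.Role(sa, "controls_")
param = ABAC.DataTerm("string", "'sliceA'")
role.role_add_data_term(param)
p = ABAC.Role(cary)

print("\n===bad============ SA.controls_('sliceA') <-?- Cary")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
#get_next(ctxt)
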
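##########################################################################
# role=[keyid:SA].role:controls([string:'sliceA'])
# p =[keyid:Drd]
#
# NOTE(review): out[0] is not inspected; the "good" label below is the
# expected outcome only and is not asserted by this script.
role = ABAC.Role(sa, "controls")
param = ABAC.DataTerm("string", "'sliceA'")
role.role_add_data_term(param)
p = ABAC.Role(drd)

print("\n===good============ SA.controls('sliceA') <-?- Drd")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
get_next(ctxt)
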
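##########################################################################
# role=[keyid:SA].role:controls([string:'sliceA'])
# p =[keyid:Cary]
#
# NOTE(review): out[0] is not inspected; the "good" label below is the
# expected outcome only and is not asserted by this script.
role = ABAC.Role(sa, "controls")
param = ABAC.DataTerm("string", "'sliceA'")
role.role_add_data_term(param)
p = ABAC.Role(cary)

print("\n===good============ SA.controls('sliceA') <-?- Cary")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
#get_next(ctxt)
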
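##########################################################################
# role=[keyid:SA].role:delegate_controls_([string:'sliceA'])
# p =[keyid:Jim]
#
# NOTE(review): out[0] is not inspected; the "good" label below is the
# expected outcome only and is not asserted by this script.
role = ABAC.Role(sa, "delegate_controls_")
param = ABAC.DataTerm("string", "'sliceA'")
role.role_add_data_term(param)
p = ABAC.Role(jim)

print("\n===good============ SA.delegate_controls_('sliceA') <-?- Jim")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
#get_next(ctxt)
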
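##########################################################################
# role=[keyid:SA].role:controls_([string:'sliceA'])
# p =[keyid:Jim]
#
# (The header previously named Cary; the code and the printed label both
# query Jim.)
# NOTE(review): labelled "bad", i.e. presumably a query that must NOT be
# provable -- confirm.  out[0] is not inspected, so an unintended grant
# would only show up as unexpected "head <- tail" lines in the output.
role = ABAC.Role(sa, "controls_")
param = ABAC.DataTerm("string", "'sliceA'")
role.role_add_data_term(param)
p = ABAC.Role(jim)

print("\n===bad============ SA.controls_('sliceA') <-?- Jim")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
#get_next(ctxt)
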
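##########################################################################
# role=[keyid:SA].role:delegate_controls_([string:'sliceA'])
# p =[keyid:Nancy]
#
# NOTE(review): labelled "bad", i.e. presumably a query that must NOT be
# provable -- confirm.  out[0] is not inspected, so an unintended grant
# would only show up as unexpected "head <- tail" lines in the output.
role = ABAC.Role(sa, "delegate_controls_")
param = ABAC.DataTerm("string", "'sliceA'")
role.role_add_data_term(param)
p = ABAC.Role(nancy)

print("\n===bad============ SA.delegate_controls_('sliceA') <-?- Nancy")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
#get_next(ctxt)

print("\n\n")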