source: examples/access_tests/creddy_prover/s4_run_query @ 11ca336

#!/bin/sh 

# geni s4_run_query
# using aba_prover_yap

echo "=====================s4_run_query=================="

pwd=`pwd`

eloc=`which abac_prover_yap | sed 's/\/abac_prover_yap//'`
if [ "$eloc" = "" ]; then
  echo "ERROR: abac_prover_yap is not in the search path!!!"
  exit 1
fi

keyloc=$pwd

g=`creddy --keyid --cert $keyloc/G_ID.pem`
sa=`creddy --keyid --cert $keyloc/SA_ID.pem`

drd=`creddy --keyid --cert $keyloc/Drd_ID.pem`
frank=`creddy --keyid --cert $keyloc/Frank_ID.pem`
dan=`creddy --keyid --cert $keyloc/Dan_ID.pem`
jim=`creddy --keyid --cert $keyloc/Jim_ID.pem`
nancy=`creddy --keyid --cert $keyloc/Nancy_ID.pem`
lisa=`creddy --keyid --cert $keyloc/Lisa_ID.pem`
cary=`creddy --keyid --cert $keyloc/Cary_ID.pem`
alice=`creddy --keyid --cert $keyloc/Alice_ID.pem`

## dump all credentials 
env ABAC_CN=1 $eloc/abac_prover_yap  --keystore $keyloc --dump s4_creds_dump

#  runControls Cary $cary slice good bad
runControls() {
   id=$2 
   slice="'$3'"
   role="[keyid:$sa].role:controls_([string:$slice])"
   prin="[keyid:$id]"
   echo " "
   echo "===$4============ SA.controls_($3)<-?-$1"
   $eloc/abac_prover_yap --keystore $keyloc --role "$role" --principal "$prin"

   role="[keyid:$sa].role:controls([string:$slice])"
   prin="[keyid:$id]"
   echo " "
   echo "===$5============ SA.controls("$3")<-?-$1"
   $eloc/abac_prover_yap --keystore $keyloc --role "$role" --principal "$prin"
}


## SA.controls_("sliceA") <- Cary
#[keyid:SA].role:controls_([string:'sliceA']) <-?- [keyid:Cary] 
## SA.controls("sliceA") <- Cary
#[keyid:SA].role:controls([string:'sliceA']) <-?- [keyid:Cary] 

runControls Frank $frank sliceA bad good
runControls Dan $dan sliceA good good
runControls Dan $dan sliceB good good
runControls Jim $jim sliceA bad good
runControls Nancy $nancy sliceA good good
runControls Lisa $lisa sliceA bad good
runControls Cary $cary sliceA bad good
runControls Alice $alice sliceA good good
runControls Drd $drd sliceA good good

echo "\n\n"