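#!/usr/bin/env python

"""
s5_query.py

Runs a fixed series of ABAC role queries through the python api and prints
the credentials returned for each one.  Every query asks whether a principal
holds a parameterized role issued by SA, e.g.

    [keyid:SA].role:controlsQ([string:'sliceA'],[string:'info']) <-?- [keyid:Lisa]

The "good"/"bad" word in each banner is the verdict the author expects; the
script itself does not compare the query result against it.
"""

import os

import ABAC

print("=====================s5_query.py==================")

ctxt = ABAC.Context()

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials.
# Everything found in that directory is loaded into the context the queries
# below run against, so it should be a directory the operator controls; the
# fallback to the current directory is announced rather than silent.
# ("in" replaces dict.has_key(), which only exists on Python 2.)
if "keystore" in os.environ:
    keystore = os.environ["keystore"]
    ctxt.load_directory(keystore)
else:
    print("keystore is not set, using current directory...")
    ctxt.load_directory(".")

##########################################################################


def get_next(CTXT):
    """Print every further proof for the most recent query on CTXT.

    Calls CTXT.next_proof() repeatedly and prints each returned credential
    as "head <- tail" until next_proof() reports no success.
    """
    while True:
        print("\nnext proof:")
        (success, out) = CTXT.next_proof()
        if not success:
            print("no more..\n")
            return
        for c in out:
            print("%s <- %s" % (c.head_string(), c.tail_string()))


# dump the loaded principals/policies
def dump_all(CTXT, msg):
    """Print the principals and policy credentials held by CTXT.

    msg is a free-form tag embedded in the two section headers.
    """
    out = CTXT.context_principals()
    print("\n...%s principal set..." % msg)
    for x in out[1]:
        print("#PP# %s " % x.string())
    out = CTXT.context_credentials()
    print("\n...%s policy attribute set..." % msg)
    for c in out[1]:
        print("#CC# %s <- %s" % (c.head_string(), c.tail_string()))


def run_query(CTXT, issuer, role_name, slice_name, action, principal, banner):
    """Query issuer.role_name('slice_name','action') <-?- principal and print it.

    issuer and principal are keyids; slice_name and action become the two
    single-quoted string data terms of the role.  banner is printed verbatim
    before the query runs, then each returned credential is printed as
    "head <- tail".
    """
    role = ABAC.Role(issuer, role_name)
    role.role_add_data_term(ABAC.DataTerm("string", "'%s'" % slice_name))
    role.role_add_data_term(ABAC.DataTerm("string", "'%s'" % action))
    p = ABAC.Role(principal)
    print(banner)
    out = CTXT.query(role, p)
    # NOTE(review): out[0] is never inspected.  It is presumably the success
    # flag, as in the (success, out) pair next_proof() returns -- confirm.
    # With set_no_partial_proof() left commented out below, credentials may be
    # printed even for a query that did not succeed (assumption, verify), so
    # an access decision has to be taken from the flag, not from the presence
    # of printed credentials.
    for c in out[1]:
        print("%s <- %s" % (c.head_string(), c.tail_string()))


##########################################################################

# retrieve principals' keyid value from local credential files
gID = ABAC.ID("G_ID.pem")
g = gID.id_keyid()
saID = ABAC.ID("SA_ID.pem")
sa = saID.id_keyid()
drdID = ABAC.ID("Drd_ID.pem")
drd = drdID.id_keyid()
johnID = ABAC.ID("John_ID.pem")
john = johnID.id_keyid()
timID = ABAC.ID("Tim_ID.pem")
tim = timID.id_keyid()
joeID = ABAC.ID("Joe_ID.pem")
joe = joeID.id_keyid()
danID = ABAC.ID("Dan_ID.pem")
dan = danID.id_keyid()
jamesID = ABAC.ID("James_ID.pem")
james = jamesID.id_keyid()
lisaID = ABAC.ID("Lisa_ID.pem")
lisa = lisaID.id_keyid()

##########################################################################
#dump_all(ctxt,"initial")
#ctxt.set_no_partial_proof()

##########################################################################
# [keyid:SA].role:controlsQ([string:'sliceA'],[string:'info']) <-?- [keyid:Lisa]
run_query(ctxt, sa, "controlsQ", "sliceA", "info", lisa,
          "\n===good============ SA.controlsQ('sliceA','info') <-?- lisa")
get_next(ctxt)

##########################################################################
# [keyid:SA].role:controlsQ_([string:'sliceB'],[string:'info']) <-?- [keyid:Lisa]
run_query(ctxt, sa, "controlsQ_", "sliceB", "info", lisa,
          "\n===good============ SA.controlsQ_('sliceB','info') <-?- lisa")

##########################################################################
# [keyid:SA].role:controlsQ_([string:'sliceB'],[string:'info']) <-?- [keyid:James]
run_query(ctxt, sa, "controlsQ_", "sliceB", "info", james,
          "\n===good============ SA.controlsQ_('sliceB','info') <-?- James")

##########################################################################
# [keyid:SA].role:controlsQ([string:'sliceB'],[string:'info']) <-?- [keyid:Dan]
run_query(ctxt, sa, "controlsQ", "sliceB", "info", dan,
          "\n===good============ SA.controlsQ('sliceB','info') <-?- Dan")

##########################################################################
# [keyid:SA].role:controlsQ([string:'sliceA'],[string:'info']) <-?- [keyid:John]
run_query(ctxt, sa, "controlsQ", "sliceA", "info", john,
          "\n===good============ SA.controlsQ('sliceA','info') <-?- John")

##########################################################################
# [keyid:SA].role:controlsQ([string:'sliceB'],[string:'instantiate']) <-?- [keyid:John]
run_query(ctxt, sa, "controlsQ", "sliceB", "instantiate", john,
          "\n===bad============ SA.controlsQ('sliceB','instantiate') <-?- John")

##########################################################################
# [keyid:SA].role:controlsQ([string:'sliceB'],[string:'instantiate']) <-?- [keyid:Tim]
run_query(ctxt, sa, "controlsQ", "sliceB", "instantiate", tim,
          "\n===bad============ SA.controlsQ('sliceB','instantiate') <-?- Tim")

##########################################################################
# [keyid:SA].role:controlsQ([string:'sliceB'],[string:'info']) <-?- [keyid:Tim]
# Fixed: the second data term was 'instantiate', which silently repeated the
# previous query while the banner claimed 'info' had been checked.
# NOTE(review): the "bad" verdict is the author's label -- confirm it against
# the policy credentials now that 'info' is what is actually queried.
run_query(ctxt, sa, "controlsQ", "sliceB", "info", tim,
          "\n===bad============ SA.controlsQ('sliceB','info') <-?- Tim")

##########################################################################
# [keyid:SA].role:controlsQ([string:'sliceB'],[string:'info']) <-?- [keyid:Joe]
# Fixed: the principal was john, so Joe's access was never exercised even
# though the banner reported it.  A policy check that runs against a different
# principal than the one it names gives false assurance.
run_query(ctxt, sa, "controlsQ", "sliceB", "info", joe,
          "\n===good============ SA.controlsQ('sliceB','info') <-?- Joe")

##########################################################################
print("\n\n")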