source: examples/access_tests/creddy_prover/s5_query.py @ 7751094

mei_rt2
Last change on this file since 7751094 was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule

  • Property mode set to 100755
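#!/usr/bin/env python

"""
s5_query.py

Access-policy regression queries issued through the ABAC Python API.

Loads principal and policy credentials into one ABAC context, then asks
whether given principals hold parameterised roles issued by SA and prints
the credentials returned for each query.
"""

print("=====================s5_query.py==================")

import os
import ABAC

ctxt = ABAC.Context()

# The keystore is the directory holding the principal and policy
# credentials.  Everything found there is loaded into the context that
# later answers the access queries.
# `in` replaces dict.has_key(), which no longer exists on Python 3.
if "keystore" in os.environ:
    keystore = os.environ["keystore"]
    ctxt.load_directory(keystore)
else:
    # NOTE(review): without a keystore the credentials come from whatever
    # directory the script is started in, so the query results depend on
    # the caller's working directory.
    print("keystore is not set, using current directory...")
    ctxt.load_directory(".")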
24
25##########################################################################
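def get_next(CTXT):
    """Print every further proof CTXT can produce, then return.

    Calls CTXT.next_proof() repeatedly.  Each successful call yields a
    sequence of credentials, printed one per line as "head <- tail".  The
    first unsuccessful call prints "no more.." and ends the loop.

    The print calls use the parenthesised single-argument form, which
    produces the same output on Python 2 and also parses on Python 3.
    """
    while True:
        print("\nnext proof:")
        (success, creds) = CTXT.next_proof()
        if not success:
            print("no more..\n")
            return
        for cred in creds:
            print("%s <- %s" % (cred.head_string(), cred.tail_string()))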
36
37# dump the loaded principals/policies
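def dump_all(CTXT, msg):
    """Print the principals and policy credentials currently held by CTXT.

    msg is inserted into the two section headings.  Only element [1] of
    the values returned by context_principals() and context_credentials()
    is read; element [0] is ignored (presumably a status flag -- confirm
    against the ABAC bindings).

    The print calls use the parenthesised single-argument form, which
    produces the same output on Python 2 and also parses on Python 3.
    """
    principals = CTXT.context_principals()
    print("\n...%s principal set..." % msg)
    for principal in principals[1]:
        print("#PP# %s " % principal.string())
    credentials = CTXT.context_credentials()
    print("\n...%s policy attribute set..." % msg)
    for cred in credentials[1]:
        print("#CC# %s <- %s" % (cred.head_string(), cred.tail_string()))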
47
##########################################################################
# Read each principal's key id from its local identity file.
# NOTE(review): the file names are relative, so they are presumably
# resolved against the directory the script runs from rather than the
# keystore directory loaded into the context -- confirm both are the same
# test directory.
gID = ABAC.ID("G_ID.pem")
g = gID.id_keyid()

saID = ABAC.ID("SA_ID.pem")
sa = saID.id_keyid()

drdID = ABAC.ID("Drd_ID.pem")
drd = drdID.id_keyid()

johnID = ABAC.ID("John_ID.pem")
john = johnID.id_keyid()

timID = ABAC.ID("Tim_ID.pem")
tim = timID.id_keyid()

joeID = ABAC.ID("Joe_ID.pem")
joe = joeID.id_keyid()

danID = ABAC.ID("Dan_ID.pem")
dan = danID.id_keyid()

jamesID = ABAC.ID("James_ID.pem")
james = jamesID.id_keyid()

lisaID = ABAC.ID("Lisa_ID.pem")
lisa = lisaID.id_keyid()
76##########################################################################
77#dump_all(ctxt,"initial")
78#ctxt.set_no_partial_proof()
79
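##########################################################################
# [keyid:SA].role:controlsQ([string:'sliceA'],[string:'info']) <-?- [keyid:Lisa]
role = ABAC.Role(sa, "controlsQ")
# The data terms stay bound to their own names while the role is in use.
param1 = ABAC.DataTerm("string", "'sliceA'")
param2 = ABAC.DataTerm("string", "'info'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(lisa)

print("\n===good============ SA.controlsQ('sliceA','info') <-?- lisa")
out = ctxt.query(role, p)
# out[1] is iterated as the credentials of the returned proof.  out[0] is
# presumably the success flag, as with next_proof(); it is not checked
# here, so the "good" label is not asserted by this script itself.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
# Walk any further proofs for the same query.
get_next(ctxt)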
94
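##########################################################################
# [keyid:SA].role:controlsQ_([string:'sliceB'],[string:'info']) <-?- [keyid:Lisa]
role = ABAC.Role(sa, "controlsQ_")
param1 = ABAC.DataTerm("string", "'sliceB'")
param2 = ABAC.DataTerm("string", "'info'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(lisa)

print("\n===good============ SA.controlsQ_('sliceB','info') <-?- lisa")
out = ctxt.query(role, p)
# Only the returned credentials are printed; the result is not asserted.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))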
108
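##########################################################################
# [keyid:SA].role:controlsQ_([string:'sliceB'],[string:'info']) <-?- [keyid:James]
role = ABAC.Role(sa, "controlsQ_")
param1 = ABAC.DataTerm("string", "'sliceB'")
param2 = ABAC.DataTerm("string", "'info'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(james)

print("\n===good============ SA.controlsQ_('sliceB','info') <-?- James")
out = ctxt.query(role, p)
# Only the returned credentials are printed; the result is not asserted.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))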
122
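##########################################################################
# [keyid:SA].role:controlsQ([string:'sliceB'],[string:'info']) <-?- [keyid:Dan]
role = ABAC.Role(sa, "controlsQ")
param1 = ABAC.DataTerm("string", "'sliceB'")
param2 = ABAC.DataTerm("string", "'info'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(dan)

print("\n===good============ SA.controlsQ('sliceB','info') <-?- Dan")
out = ctxt.query(role, p)
# Only the returned credentials are printed; the result is not asserted.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))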
136
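##########################################################################
# [keyid:SA].role:controlsQ([string:'sliceA'],[string:'info']) <-?- [keyid:John]
role = ABAC.Role(sa, "controlsQ")
param1 = ABAC.DataTerm("string", "'sliceA'")
param2 = ABAC.DataTerm("string", "'info'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(john)

print("\n===good============ SA.controlsQ('sliceA','info') <-?- John")
out = ctxt.query(role, p)
# Only the returned credentials are printed; the result is not asserted.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))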
150
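##########################################################################
# [keyid:SA].role:controlsQ([string:'sliceB'],[string:'instantiate']) <-?- [keyid:John]
role = ABAC.Role(sa, "controlsQ")
param1 = ABAC.DataTerm("string", "'sliceB'")
param2 = ABAC.DataTerm("string", "'instantiate'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(john)

# Labelled "bad": presumably the policy is expected to deny this request.
# Nothing here asserts on the outcome; whatever credentials come back in
# out[1] are printed as-is.
print("\n===bad============ SA.controlsQ('sliceB','instantiate') <-?- John")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))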
164
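##########################################################################
# [keyid:SA].role:controlsQ([string:'sliceB'],[string:'instantiate']) <-?- [keyid:Tim]
role = ABAC.Role(sa, "controlsQ")
param1 = ABAC.DataTerm("string", "'sliceB'")
param2 = ABAC.DataTerm("string", "'instantiate'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(tim)

# Labelled "bad": presumably the policy is expected to deny this request.
# Nothing here asserts on the outcome; whatever credentials come back in
# out[1] are printed as-is.
print("\n===bad============ SA.controlsQ('sliceB','instantiate') <-?- Tim")
out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))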
178
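##########################################################################
# [keyid:SA].role:controlsQ([string:'sliceB'],[string:'info']) <-?- [keyid:Tim]
role = ABAC.Role(sa, "controlsQ")
param1 = ABAC.DataTerm("string", "'sliceB'")
# The second term is 'info', as the header comment and the printed label
# state.  Passing 'instantiate' here would repeat the Tim/'instantiate'
# query of the preceding section and leave this case unexercised.
# NOTE(review): the "bad" label is kept as written; confirm it against the
# policy and refresh any recorded expected output for this section.
param2 = ABAC.DataTerm("string", "'info'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(tim)

print("\n===bad============ SA.controlsQ('sliceB','info') <-?- Tim")
out = ctxt.query(role, p)
# Only the returned credentials are printed; the result is not asserted.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))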
192
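##########################################################################
# [keyid:SA].role:controlsQ([string:'sliceB'],[string:'info']) <-?- [keyid:Joe]
role = ABAC.Role(sa, "controlsQ")
param1 = ABAC.DataTerm("string", "'sliceB'")
param2 = ABAC.DataTerm("string", "'info'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
# The requesting principal is Joe, as the header comment and the printed
# label state.  Querying with `john` here would report John's access
# under Joe's name and leave Joe's access unchecked.
# NOTE(review): confirm the "good" label against the policy and refresh
# any recorded expected output for this section.
p = ABAC.Role(joe)

print("\n===good============ SA.controlsQ('sliceB','info') <-?- Joe")
out = ctxt.query(role, p)
# Only the returned credentials are printed; the result is not asserted.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))

##########################################################################

print("\n\n")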