source: examples/access_tests/creddy_prover/s6_query.py @ b4b0d0a

mei_rt2
Last change on this file since b4b0d0a was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule

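#!/usr/bin/env python

"""
s6_query.py

Access-policy regression queries, using the ABAC python api.

Loads principal and policy credentials into one ABAC context, then asks a
fixed series of role/oset questions and prints the proof credentials the
context returns for each one.
"""

print("=====================s6_query.py==================")

import os
import ABAC

ctxt = ABAC.Context()

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials.
# The membership test replaces dict.has_key(), which Python 3 removed; it
# performs the same lookup on Python 2.
if "keystore" in os.environ:
    keystore = os.environ["keystore"]
    ctxt.load_directory(keystore)
else:
    # NOTE(review): with no keystore set, load_directory() is pointed at the
    # current working directory, so the answers printed by the queries depend
    # on where the script is started. Run it from the test directory or set
    # keystore explicitly.
    print("keystore is not set, using current directory...")
    ctxt.load_directory(".")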
24
25##########################################################################
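def get_next(CTXT) :
    """Print the remaining proofs that CTXT.next_proof() yields.

    next_proof() is called repeatedly and returns a (success, credentials)
    pair each time. While success is true, every credential is printed as
    "head <- tail". The first unsuccessful call prints "no more.." and ends
    the loop.
    """
    while True:
        print("\nnext proof:")
        (success, out) = CTXT.next_proof()
        if not success:
            print("no more..\n")
            return
        for c in out:
            # Single-argument print(...) gives the same output on Python 2
            # and Python 3; the bare print statement is a syntax error on 3.
            print("%s <- %s" % (c.head_string(), c.tail_string()))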
36
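# dump the loaded principals/policies
def dump_all(CTXT,msg) :
    """Print every principal and every policy credential held by CTXT.

    msg is interpolated into the two section banners. Principals are
    printed with a "#PP#" prefix and credentials with a "#CC#" prefix, as
    "head <- tail".

    Only element [1] of each context_principals()/context_credentials()
    result is read; element [0] is ignored.
    """
    principals = CTXT.context_principals()
    print("\n...%s principal set..." % msg)
    for x in principals[1]:
        print("#PP# %s " % x.string())
    credentials = CTXT.context_credentials()
    print("\n...%s policy attribute set..." % msg)
    for c in credentials[1]:
        # Single-argument print(...) gives the same output on Python 2 and 3.
        print("#CC# %s <- %s" % (c.head_string(), c.tail_string()))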
47
##########################################################################
# Retrieve each principal's keyid value from its local credential file.
# NOTE(review): the .pem names are relative paths, so they are presumably
# resolved against the current working directory and do not follow the
# keystore environment variable -- confirm both point at the same place.
gID = ABAC.ID("G_ID.pem")
g = gID.id_keyid()

saID = ABAC.ID("SA_ID.pem")
sa = saID.id_keyid()

paID = ABAC.ID("PA_ID.pem")
pa = paID.id_keyid()

drdID = ABAC.ID("Drd_ID.pem")
drd = drdID.id_keyid()

frankID = ABAC.ID("Frank_ID.pem")
frank = frankID.id_keyid()

danID = ABAC.ID("Dan_ID.pem")
dan = danID.id_keyid()

aliceID = ABAC.ID("Alice_ID.pem")
alice = aliceID.id_keyid()

lisaID = ABAC.ID("Lisa_ID.pem")
lisa = lisaID.id_keyid()
73
##########################################################################
# Show what was loaded before any query runs, so the proofs printed later
# can be read against the starting principal and credential sets.
dump_all(ctxt, "initial")
# Optional toggle, left disabled as in the original:
#ctxt.set_no_partial_proof()
77
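##########################################################################
# [keyid:SA].role:controlsQ([string:'sliceA'],[string:'info']) <-?- [keyid:Drd]
# Asks whether Drd holds SA.controlsQ('sliceA','info').
role = ABAC.Role(sa, "controlsQ")
param1 = ABAC.DataTerm("string", "'sliceA'")
param2 = ABAC.DataTerm("string", "'info'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(drd)
print("\n===good============ SA.controlsQ('sliceA','info') <-?- Drd")
out = ctxt.query(role, p)
# Only the proof in out[1] is printed; out[0] is never examined, so the
# expected "good" outcome has to be confirmed from the printed output.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
#get_next(ctxt)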
91
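##########################################################################
# [keyid:SA].role:createSlice([string:'proj1']) <-?- [keyid:Drd]
# Asks whether Drd holds SA.createSlice('proj1').
role = ABAC.Role(sa, "createSlice")
param = ABAC.DataTerm("string", "'proj1'")
role.role_add_data_term(param)
p = ABAC.Role(drd)
print("\n===good============ SA.createSlice('proj1') <-?- Drd")
out = ctxt.query(role, p)
# Only the proof in out[1] is printed; out[0] is never examined, so the
# expected "good" outcome has to be confirmed from the printed output.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))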
102
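##########################################################################
# Asks whether the object 'sliceA' is in the oset SA.Standard.
oset = ABAC.Oset(sa, "Standard")
term = ABAC.DataTerm("string", "'sliceA'")
p = ABAC.Oset(term)
# NOTE(review): the banner spells the oset "Stanard" while the query uses
# "Standard"; the text is kept byte-for-byte in case expected-output files
# match on it.
print("\n===good============ SA.Stanard <-?- 'sliceA'")
out = ctxt.query(oset, p)
# Only the proof in out[1] is printed; out[0] is never examined.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))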
111
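##########################################################################
# Asks whether the object 'sliceA' is in the oset SA.inProject('proj1').
oset = ABAC.Oset(sa, "inProject")
param = ABAC.DataTerm("string", "'proj1'")
oset.oset_add_data_term(param)
term = ABAC.DataTerm("string", "'sliceA'")
p = ABAC.Oset(term)
print("\n===good============ SA.inProject('proj1') <-?- 'sliceA'")
out = ctxt.query(oset, p)
# Only the proof in out[1] is printed; out[0] is never examined.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))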
122
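##########################################################################
# [keyid:SA].oset:inStdProject("proj1") <- "sliceA"
# Asks whether the object 'sliceA' is in the oset SA.inStdProject('proj1').
oset = ABAC.Oset(sa, "inStdProject")
param = ABAC.DataTerm("string", "'proj1'")
oset.oset_add_data_term(param)
term = ABAC.DataTerm("string", "'sliceA'")
p = ABAC.Oset(term)
print("\n===good============ SA.inStdProject('proj1') <-?- 'sliceA'")
out = ctxt.query(oset, p)
# Only the proof in out[1] is printed; out[0] is never examined.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))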
134
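##########################################################################
# [keyid:SA].role:createSlice([string:'proj1']) <-?- [keyid:lisa]
# Asks whether lisa holds SA.createSlice('proj1').
role = ABAC.Role(sa, "createSlice")
param = ABAC.DataTerm("string", "'proj1'")
role.role_add_data_term(param)
p = ABAC.Role(lisa)
print("\n===good============ SA.createSlice('proj1') <-?- lisa")
out = ctxt.query(role, p)
# Only the proof in out[1] is printed; out[0] is never examined.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
# Print any further proofs the context still holds.
get_next(ctxt)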
146
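##########################################################################
# [keyid:SA].role:createSlice([string:'proj1']) <-?- [keyid:Dan]
# Asks whether Dan holds SA.createSlice('proj1').
role = ABAC.Role(sa, "createSlice")
param = ABAC.DataTerm("string", "'proj1'")
role.role_add_data_term(param)
p = ABAC.Role(dan)
print("\n===good============ SA.createSlice('proj1') <-?- Dan")
out = ctxt.query(role, p)
# Only the proof in out[1] is printed; out[0] is never examined.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
# Print any further proofs the context still holds.
get_next(ctxt)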
158
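##########################################################################
# [keyid:SA].role:createSlice([string:'proj1']) <-?- [keyid:Frank]
# Negative case: the "bad" banner presumably means Frank must NOT be able to
# prove SA.createSlice('proj1').
role = ABAC.Role(sa, "createSlice")
param = ABAC.DataTerm("string", "'proj1'")
role.role_add_data_term(param)
p = ABAC.Role(frank)
print("\n===bad============ SA.createSlice('proj1') <-?- Frank")
out = ctxt.query(role, p)
# NOTE(review): nothing here fails if a proof comes back anyway. out[0] is
# not checked and out[1] is simply printed, so an unexpected grant is only
# caught by whoever compares this output with the expected result.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))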
169
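##########################################################################
#(SA.projectAuthority).memberQ(?P, "instantiate")
# [keyid:PA].role:memberQ([string:'proj1'],[string:'instantiate']) <-?- [keyid:Dan]
# Asks whether Dan holds PA.memberQ('proj1','instantiate').
role = ABAC.Role(pa, "memberQ")
param1 = ABAC.DataTerm("string", "'proj1'")
param2 = ABAC.DataTerm("string", "'instantiate'")
role.role_add_data_term(param1)
role.role_add_data_term(param2)
p = ABAC.Role(dan)
print("\n===good============ PA.memberQ('proj1','instantiate') <-?- Dan")
out = ctxt.query(role, p)
# Only the proof in out[1] is printed; out[0] is never examined.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
# Print any further proofs the context still holds.
get_next(ctxt)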
184
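##########################################################################
# speaksFor((SA.projectAuthority).memberQ(?P, "instantiate")
# attr="[keyid:$sa].role:speaksFor([keyid:$dan]) <- [keyid:$frank]"
# Negative case: the "bad" banner presumably means Frank must NOT be able to
# prove SA.speaksFor(Dan), i.e. Frank may not act on Dan's behalf.
role = ABAC.Role(sa, "speaksFor")
# The role parameter is Dan's identity itself (built from danID), not a string.
param = ABAC.DataTerm(danID)
role.role_add_data_term(param)
p = ABAC.Role(frank)
print("\n===bad============ SA.speaksFor(Dan) <-?- Frank")
out = ctxt.query(role, p)
# NOTE(review): nothing here fails if a proof comes back anyway. out[0] is
# not checked and out[1] is simply printed, so an unexpected delegation is
# only caught by whoever compares this output with the expected result.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
# Print any further proofs the context still holds.
get_next(ctxt)


print("\n\n")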