source: examples/access_tests/creddy_prover/scenario_s1.sh @ 11ca336

mei_rt2
Last change on this file since 11ca336 was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added a couple of multi-context regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole character string as the
attribute rule

  • Property mode set to 100755
File size: 3.1 KB
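#!/bin/sh

#####################################################################
# scenario #1
#    Explore simple user and project relationship
#
#  Drd, a geniPI, created a project 'proj1'
#
# Prerequisites visible in this script: the creddy tool must be on PATH,
# and G_ID.pem, PA_ID.pem and SA_ID.pem must already exist in the working
# directory (they are read below but never generated here).
#
# NOTE(review): makeWho deletes and regenerates <CN>_*.pem in the current
# directory; creddy presumably writes the private key next to <CN>_ID.pem,
# so run this only in a scratch test directory - confirm against creddy.
#
# Clear any ABAC_CN inherited from the caller's environment
# (presumably consulted by creddy - confirm).
unset ABAC_CN
# Directory holding the *_ID.pem certificates. Abort if it cannot be
# determined: an empty value would make every "$keyloc/..." path resolve
# under "/" instead of the test directory.
keyloc=$(pwd) || { echo "scenario_s1: cannot determine working directory" >&2; exit 1; }
# Scenario tag used as the prefix of every generated file name.
sidx=s1
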
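# makeWho CN
#   Recreate the ABAC identity for CN in the current directory.
# Globals:   WHO (written; left set to CN, as before)
# Arguments: $1 - common name; also the file-name prefix of the identity
# Returns:   2 when CN is empty, 1 when creddy fails, 0 otherwise
makeWho() {
    WHO=$1
    # An empty CN would turn the pattern below into "_*.pem" and hand
    # creddy a --cn flag with no value, so refuse it up front.
    if [ -z "$WHO" ]; then
        echo "makeWho: missing common name" >&2
        return 2
    fi
    # Drop stale key material for this CN only. Quoting keeps a CN with
    # blanks or glob characters as one literal word, and "--" stops a CN
    # that starts with "-" from being read as an rm option. The "_*.pem"
    # part stays unquoted on purpose so it still globs.
    rm -rf -- "${WHO}"_*.pem
    creddy --generate --cn "$WHO" || {
        echo "makeWho: creddy --generate failed for $WHO" >&2
        return 1
    }
}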
# Regenerate the identities this scenario owns, in the original order.
# EXO is created here but is not referenced again in this file.
for who in GR IDP EXO Drd; do
    makeWho "$who"
done

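# keyid_of CERT
#   Print the key id creddy reports for certificate CERT.
# Returns: 1 (with a message on stderr) when creddy fails or prints
#          nothing. An empty id would otherwise flow silently into rules
#          of the form "[keyid:]..." and into an "s//NAME/g" sed rule.
keyid_of() {
    if ! _kid=$(creddy --keyid --cert "$1") || [ -z "$_kid" ]; then
        echo "scenario_s1: no keyid for $1" >&2
        return 1
    fi
    printf '%s\n' "$_kid"
}

# Key ids of every principal in the scenario. G, PA and SA certificates are
# not generated by this script and must already exist in $keyloc.
# The helper runs in a command substitution, so the abort has to happen
# here in the parent shell.
g=$(keyid_of "$keyloc/G_ID.pem") || exit 1
gr=$(keyid_of "$keyloc/GR_ID.pem") || exit 1
pa=$(keyid_of "$keyloc/PA_ID.pem") || exit 1
sa=$(keyid_of "$keyloc/SA_ID.pem") || exit 1
idp=$(keyid_of "$keyloc/IDP_ID.pem") || exit 1
drd=$(keyid_of "$keyloc/Drd_ID.pem") || exit 1
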
# Names shared by every credential issued below.
namespace=access1              # value passed to creddy --namespace
pname="${sidx}_yap_clauses"    # value passed to creddy --out_prolog
sfile="sfile_${sidx}"          # receives the keyid -> name sed rules

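# idp_gUser VAR
#   Issue "IDP.geniUser <- <principal>", where VAR is the NAME of the shell
#   variable holding the principal's key id (e.g. "drd"), not the id itself.
# Globals:   idp, sidx, pname, namespace (read); namename, attr, name (written)
# Arguments: $1 - variable name; must be a plain shell identifier
# Outputs:   ${sidx}_IDP_gUser__VAR_attr.der, written by creddy
# Returns:   2 when VAR is not an identifier, otherwise creddy's status
idp_gUser()
{
    # $1 is spliced into an eval'd string, so anything other than a bare
    # identifier would be executed as shell code. POSIX sh has no ${!var}
    # indirection, so validate the name before the eval instead.
    case $1 in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "idp_gUser: '$1' is not a valid variable name" >&2
            return 2
            ;;
    esac
    # Expands to e.g. namename="[keyid:${drd}]"; the inner quotes keep the
    # looked-up value as a single word.
    eval "namename=\"[keyid:\${$1}]\""
    attr="[keyid:$idp].role:geniUser <- $namename"
    name="${sidx}_IDP_gUser__${1}_attr.der"
    creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace"
}
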
###############################################################################
# Write the sed script that rewrites each raw key id to its principal name.
# The single redirection truncates $sfile once; rule order and the trailing
# blank after the "g" flag are kept exactly as before. $sfile is not used
# again in this file.
# NOTE(review): an empty key id would produce an "s//NAME/g" rule here -
# confirm the ids were obtained successfully before relying on this file.
{
    echo "s/$g/G/g "
    echo "s/$gr/GR/g "
    echo "s/$pa/PA/g "
    echo "s/$sa/SA/g "
    echo "s/$idp/IDP/g "
    echo "s/$drd/Drd/g "
} > "$sfile"

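# issue_attr STEM RULE
#   Have creddy turn RULE into the credential file ${sidx}_STEM_attr.der,
#   passing $pname as --out_prolog and $namespace as --namespace.
# Globals:   sidx, pname, namespace (read); attr, name (written, exactly as
#            the former inline statements did)
# Arguments: $1 - file-name stem, $2 - attribute rule string
# Exits the script with status 1 when creddy fails: a credential missing
# from the set would silently change which access decisions the
# regression run observes.
issue_attr() {
    attr=$2
    name="${sidx}_${1}_attr.der"
    creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace" || {
        echo "scenario_s1: creddy failed to issue $name" >&2
        exit 1
    }
}

# G.geniRoot <- GR
issue_attr G_geniRoot__gr "[keyid:$g].role:geniRoot <- [keyid:$gr]"

# GR.sliceAuthority <- SA
issue_attr GR_sliceAuthority__sa "[keyid:$gr].role:sliceAuthority <- [keyid:$sa]"

# GR.identityProvider <- IDP
issue_attr GR_identityProvider__idp "[keyid:$gr].role:identityProvider <- [keyid:$idp]"

# GR.projectAuthority <- PA
issue_attr GR_projAuthority__pa "[keyid:$gr].role:projectAuthority <- [keyid:$pa]"

# IDP.geniUser <- Drd
# Takes the variable NAME ("drd"), not the key id itself.
idp_gUser drd || exit 1

# IDP.geniPI <- Drd
issue_attr IDP_geniPI__drd "[keyid:$idp].role:geniPI <- [keyid:$drd]"

## drd requesting a proj1 from pa
# Drd.project <- 'proj1'
issue_attr Drd_project__proj1 "[keyid:$drd].oset:project <- [string:'proj1']"
# PA.standard <- 'proj1'
issue_attr PA_standard__proj1 "[keyid:$pa].oset:standard <- [string:'proj1']"
# PA.owner('proj1') <- Drd
issue_attr PA_owner_proj1__drd "[keyid:$pa].role:owner([string:'proj1']) <- [keyid:$drd]"
# PA.root('proj1') <- Drd
issue_attr PA_root_proj1__drd "[keyid:$pa].role:root([string:'proj1']) <- [keyid:$drd]"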