Context Navigation

source: examples/access_tests/creddy_prover/scenario_s3.sh @ 7751094

mei_rt2

Last change on this file since 7751094 was 2e9455f, checked in by Mei <mei@…>, 11 years ago
1) added namespace 2) tweak ?This, 3) allowing linking role/oset as constraining conditions 4) adding access_tests regression testing that uses GENI's access policy 5) added couple multi contexts regression tests 6) add compression/uncompression calls to abac_encode_string/abac_decode_string (libstrongwan only allows 512 char for attribute rule storage) 7) add attribute_now option to creddy that takes a whole char string for attribute rule
Property mode set to `100755`
File size: 10.2 KB

Line
1	#!/bin/sh
2
3	#####################################################################
4	# scenario #3
5	# Explores relationship between project and qualified member
6	#
7	# Drd, a geniPI, created a project 'proj1' and 'proj2'
8	# Drd grants memberQ/info to Lisa on proj1, memberQ/stop to James on proj1
9	# Drd grants memberQ_/info and memberQ_/stop to Tim
10	# Drd grants delegate_memberQ_/info to John and
11	# delegate_memberQ_/instantiate to Tim
12	# PA grants member/info to Tim
13	# PA grants memberQ/info and memberQ/stop to Dan
14	# PA grants memberQ_/info and memberQ_/stop to Frank and
15	# memberQ_/instantiate to Frank
16	# PA grants delegate_memberQ_/info to James and delegate_memberQ_/stop to Lisa
17	# PA grants delegate_memberQ_/info (proj2) to John
18	# John grants memberQ_/info (proj2) to James
19	# John grants memberQ/info (proj2) to Joe
20	#
21	unset ABAC_CN
22	keyloc=`pwd`
23	sidx=s3
24
25	makeWho() {
26	WHO=$1
27	rm -rf ${WHO}_*.pem
28	creddy --generate --cn ${WHO}
29	}
30	makeWho GR
31	makeWho IDP
32	makeWho EXO
33	makeWho Drd
34	makeWho Frank
35	makeWho Dan
36	makeWho Lisa
37	makeWho John
38	makeWho Joe
39	makeWho Tim
40	makeWho James
41
42	g=`creddy --keyid --cert $keyloc/G_ID.pem`
43	gr=`creddy --keyid --cert $keyloc/GR_ID.pem`
44	pa=`creddy --keyid --cert $keyloc/PA_ID.pem`
45	sa=`creddy --keyid --cert $keyloc/SA_ID.pem`
46	idp=`creddy --keyid --cert $keyloc/IDP_ID.pem`
47	exo=`creddy --keyid --cert $keyloc/EXO_ID.pem`
48	drd=`creddy --keyid --cert $keyloc/Drd_ID.pem`
49	frank=`creddy --keyid --cert $keyloc/Frank_ID.pem`
50	dan=`creddy --keyid --cert $keyloc/Dan_ID.pem`
51	lisa=`creddy --keyid --cert $keyloc/Lisa_ID.pem`
52	john=`creddy --keyid --cert $keyloc/John_ID.pem`
53	joe=`creddy --keyid --cert $keyloc/Joe_ID.pem`
54	tim=`creddy --keyid --cert $keyloc/Tim_ID.pem`
55	james=`creddy --keyid --cert $keyloc/James_ID.pem`
56
57	pname=${sidx}_yap_clauses
58	namespace=access1
59	sfile=sfile_${sidx}
60
61	idp_gUser()
62	{
63	eval "namename=[keyid:\$$1]"
64	attr="[keyid:$idp].role:geniUser <- $namename"
65	name=${sidx}_IDP_gUser__$1_attr.der
66	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
67	}
68
69	## drd requesting a proj1 from pa
70	## makeProject $drd proj1 Drd
71	makeProject() {
72	what="'$2'"
73	# Drd.project <- 'proj1'
74	attr="[keyid:$1].oset:project <- [string:$what]"
75	name=${sidx}_$3_project__$2_attr.der
76	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
77	# PA.standard <- 'proj1'
78	attr="[keyid:$pa].oset:standard <- [string:$what]"
79	name=${sidx}_PA_standard__$2_attr.der
80	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
81	# PA.owner('proj1') <- Drd
82	attr="[keyid:$pa].role:owner([string:$what]) <- [keyid:$1]"
83	name=${sidx}_PA_owner_$2__$3_attr.der
84	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
85	# PA.root('proj1') <-Drd
86	attr="[keyid:$pa].role:root([string:$what]) <- [keyid:$1]"
87	name=${sidx}_PA_root_$2__$3_attr.der
88	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
89	}
90
91	###############################################################################
92	echo "s/$g/G/g " > $sfile
93	echo "s/$gr/GR/g " >> $sfile
94	echo "s/$pa/PA/g " >> $sfile
95	echo "s/$sa/SA/g " >> $sfile
96	echo "s/$idp/IDP/g " >> $sfile
97	echo "s/$exo/EXO/g " >> $sfile
98	echo "s/$drd/Drd/g " >> $sfile
99	echo "s/$frank/Frank/g " >> $sfile
100	echo "s/$dan/Dan/g " >> $sfile
101	echo "s/$lisa/Lisa/g " >> $sfile
102	echo "s/$john/John/g " >> $sfile
103	echo "s/$joe/Joe/g " >> $sfile
104	echo "s/$tim/Tim/g " >> $sfile
105	echo "s/$james/James/g " >> $sfile
106
107	# G.geniRoot <- GR
108	attr="[keyid:$g].role:geniRoot <- [keyid:$gr]"
109	name=${sidx}_G_geniRoot__gr_attr.der
110	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
111
112	# GR.sliceAuthorithority <- SA
113	attr="[keyid:$gr].role:sliceAuthority <- [keyid:$sa]"
114	name=${sidx}_GR_sliceAuthority__sa_attr.der
115	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
116
117	# GR.identityProvider <- IDP
118	attr="[keyid:$gr].role:identityProvider <- [keyid:$idp]"
119	name=${sidx}_GR_identityProvider__idp_attr.der
120	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
121
122	# GR.projectAuthority <- PA
123	attr="[keyid:$gr].role:projectAuthority <- [keyid:$pa]"
124	name=${sidx}_GR_projAuthority__pa_attr.der
125	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
126
127	# GR.aggregate <- EXO
128	attr="[keyid:$gr].role:aggregate <- [keyid:$exo]"
129	name=${sidx}_GR_aggregate__exo_attr.der
130	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
131
132	# IDP.geniUser <- Drd
133	idp_gUser drd
134	# IDP.geniUser <- Frank
135	idp_gUser frank
136	# IDP.geniUser <- Dan
137	idp_gUser dan
138	# IDP.geniUser <- Lisa
139	idp_gUser lisa
140	# IDP.geniUser <- John
141	idp_gUser john
142	# IDP.geniUser <- Joe
143	idp_gUser joe
144	# IDP.geniUser <- Tim
145	idp_gUser tim
146	# IDP.geniUser <- James
147	idp_gUser james
148
149	# IDP.geniPI <- Drd
150	attr="[keyid:$idp].role:geniPI <- [keyid:$drd]"
151	name=${sidx}_IDP_geniPI__drd_attr.der
152	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
153
154	## drd requesting a proj2 from pa
155	makeProject $drd proj2 Drd
156	## drd requesting a proj1 from pa
157	makeProject $drd proj1 Drd
158
159	## PA gives member permission on proj1 to Tim
160	attr="[keyid:$pa].role:member([string:'proj1']) <- [keyid:$tim]"
161	name=${sidx}_PA_member_proj1__tim_attr.der
162	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
163
164	## PA gives memberQ/info permission on proj1 to Dan
165	attr="[keyid:$pa].role:memberQ([string:'proj1'],[string:'info']) <- [keyid:$dan]"
166	name=${sidx}_PA_memberQ_proj1_info__dan_attr.der
167	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
168
169	## PA gives memberQ/stop permission on proj1 to Dan
170	attr="[keyid:$pa].role:memberQ([string:'proj1'],[string:'stop']) <- [keyid:$dan]"
171	name=${sidx}_PA_memberQ_proj1_stop__dan_attr.der
172	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
173
174	## PA gives memberQ/instantiate permission on proj1 to Frank
175	attr="[keyid:$pa].role:memberQ([string:'proj1'],[string:'instantiate']) <- [keyid:$frank]"
176	name=${sidx}_PA_memberQ_proj1_instantiate__frank_attr.der
177	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
178
179	## PA gives memberQ_/info permission on proj1 to Frank
180	attr="[keyid:$pa].role:memberQ_([string:'proj1'],[string:'info']) <- [keyid:$frank]"
181	name=${sidx}_PA_memberQDel_proj1__info_frank_attr.der
182	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
183
184	## PA gives memberQ_/stop permission on proj1 to Frank
185	attr="[keyid:$pa].role:memberQ_([string:'proj1'],[string:'stop']) <- [keyid:$frank]"
186	name=${sidx}_PA_memberQDel_proj1__stop_frank_attr.der
187	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
188
189	## PA gives memberQ_/instantiate permission on proj1 to John
190	attr="[keyid:$pa].role:memberQ_([string:'proj1'],[string:'instantiate']) <- [keyid:$john]"
191	name=${sidx}_PA_memberQDel_proj1_instantiate__john_attr.der
192	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
193
194	## PA gives delegate_memberQ_/info permission on proj1 to James
195	attr="[keyid:$pa].role:delegate_memberQ_([string:'proj1'],[string:'info']) <- [keyid:$james]"
196	name=${sidx}_PA_delmemberQDel_proj1_info__james_attr.der
197	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
198
199	## PA gives delegate_memberQ_/stop permission on proj1 to Lisa
200	attr="[keyid:$pa].role:delegate_memberQ_([string:'proj1'],[string:'stop']) <- [keyid:$lisa]"
201	name=${sidx}_PA_delmemberQDel_proj1_stop__lisa_attr.der
202	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
203
204	## Drd gives memberQ/info permission on proj1 to Lisa
205	attr="[keyid:$drd].role:memberQ([string:'proj1'],[string:'info']) <- [keyid:$lisa]"
206	name=${sidx}_Drd_memberQ_proj1_info__lisa_attr.der
207	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
208
209	## Drd gives memberQ/stop permission on proj1 to James
210	attr="[keyid:$drd].role:memberQ([string:'proj1'],[string:'stop']) <- [keyid:$james]"
211	name=${sidx}_Drd_memberQ_proj1_stop__james_attr.der
212	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
213
214	## Drd gives memberQ_/info permission on proj1 to Tim
215	attr="[keyid:$drd].role:memberQ_([string:'proj1'],[string:'info']) <- [keyid:$tim]"
216	name=${sidx}_Drd_memberQDel_proj1_info__tim_attr.der
217	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
218
219	## Drd gives memberQ_/stop permission on proj1 to Tim
220	attr="[keyid:$drd].role:memberQ_([string:'proj1'],[string:'stop']) <- [keyid:$tim]"
221	name=${sidx}_Drd_memberQDel_proj1_stop__tim_attr.der
222	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
223
224	## Drd gives delegate_memberQ_/info permission on proj1 to John
225	attr="[keyid:$drd].role:delegate_memberQ_([string:'proj1'],[string:'info']) <- [keyid:$john]"
226	name=${sidx}_Drd_delmemberQDel_proj1_info__john_attr.der
227	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
228
229	## Drd gives delegate_memberQ_/instantiate permission on proj1 to Tim
230	attr="[keyid:$drd].role:delegate_memberQ_([string:'proj1'],[string:'instantiate']) <- [keyid:$tim]"
231	name=${sidx}_Drd_delmemberQDel_proj1_instantiate__tim_attr.der
232	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
233
234
235	## PA gives info delegate_memberQ_/info permission on proj2 to John
236	attr="[keyid:$pa].role:delegate_memberQ_([string:'proj2'],[string:'info']) <- [keyid:$john]"
237	name=${sidx}_Drd_delmemberQDel_proj2_info__john_attr.der
238	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
239
240	## John gives memberQ_/info permission on proj2 to James
241	attr="[keyid:$john].role:memberQ_([string:'proj2'],[string:'info']) <- [keyid:$james]"
242	name=${sidx}_PA_memberQDel_proj2_info__james_attr.der
243	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
244
245	## John gives memberQ/info permission on proj2 to Joe
246	attr="[keyid:$john].role:memberQ([string:'proj2'],[string:'info']) <- [keyid:$joe]"
247	name=${sidx}_PA_memberQ_proj2_info__joe_attr.der
248	creddy --attrnow --string "$attr" --out $name --out_prolog $pname --namespace $namespace
249
250

Note: See TracBrowser for help on using the repository browser.

Download in other formats: