#!/bin/sh

#####################################################################
# Scenario #4
# Explores the relationship between a slice and the "controls" roles
# (controls, controls_, delegate_controls_).
#
# Grants set up by this script:
#   Drd (a geniPI) created, and therefore owns, 'sliceA' and 'sliceB'
#   Drd grants Frank (a geniUser)  controls            on 'sliceA'
#   Drd grants Dan   (a geniUser)  controls_           on 'sliceA'
#   Drd grants Jim   (a geniUser)  delegate_controls_  on 'sliceA'
#   Jim grants Nancy (a geniUser)  controls_           on 'sliceA'
#   SA  grants Lisa  (a geniUser)  controls            on 'sliceA'
#   SA  grants Dan   (a geniUser)  controls_           on 'sliceA'
#   SA  grants Dan   (a geniUser)  controls_           on 'sliceB'
#   SA  grants Cary  (a geniUser)  delegate_controls_  on 'sliceA'
#   SA  grants Alice (a geniUser)  controls_           on 'sliceB'
#   SA  grants Alice (a geniUser)  controls_           on 'sliceA'
#####################################################################

# Drop any ABAC_CN inherited from the caller's environment before creddy runs.
unset ABAC_CN

# Identity certificates (<NAME>_ID.pem) are looked up in the directory the
# script is started from.
keyloc=$(pwd)

# Scenario tag used in the names of the generated files.
sidx='s4'
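# makeWho NAME
#
# (Re)create the identity of principal NAME: delete every NAME_*.pem in the
# current directory, then run "creddy --generate --cn NAME".
#
# Globals:   WHO (written) - set to NAME
# Arguments: $1 - principal name; letters, digits, '_', '.' and '-' only,
#                 and not starting with '-'
# Returns:   2 when NAME is refused, otherwise the status of creddy
makeWho() {
  WHO=${1-}
  # NAME ends up in an "rm -rf" glob and in an option value. An empty name
  # would turn the glob into "_*.pem"; wildcards or '/' would widen it; a
  # leading '-' would be read as an option. Refuse all of those up front.
  case $WHO in
    '' | -* | *[!A-Za-z0-9_.-]*)
      printf 'makeWho: invalid principal name: "%s"\n' "$WHO" >&2
      return 2
      ;;
  esac
  # Old key material is removed first so no stale identity survives a re-run.
  rm -rf -- "${WHO}"_*.pem
  creddy --generate --cn "$WHO"
}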
# Generate a fresh identity for every principal this scenario creates.
# NOTE(review): G, PA and SA are not generated here although their *_ID.pem
# files are read further down; presumably an earlier setup step provides
# them - confirm.
for who in GR IDP EXO Drd Frank Dan Lisa Cary Jim Nancy Alice; do
  makeWho "$who"
done
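# Key ids of all principals, as reported by "creddy --keyid" for each
# identity certificate under $keyloc.
# NOTE(review): G_ID.pem, PA_ID.pem and SA_ID.pem are not generated by this
# script; presumably an earlier setup step leaves them in $keyloc - confirm.

# keyid_of NAME
# Print the key id of $keyloc/NAME_ID.pem. The path is quoted so a working
# directory containing blanks no longer splits into several arguments.
# Returns non-zero, with a message on stderr, when creddy fails or prints
# nothing.
keyid_of() {
  _kid=$(creddy --keyid --cert "${keyloc}/${1}_ID.pem") || _kid=
  if [ -z "${_kid}" ]; then
    printf 'no key id for %s\n' "${keyloc}/${1}_ID.pem" >&2
    return 1
  fi
  printf '%s\n' "${_kid}"
}

# Stop at the first principal without a key id: an empty value would be
# written into credentials as "[keyid:]" and into the sed script as
# "s//NAME/g", so the scenario would no longer describe the intended policy.
g=$(keyid_of G) || exit 1
gr=$(keyid_of GR) || exit 1
pa=$(keyid_of PA) || exit 1
sa=$(keyid_of SA) || exit 1
idp=$(keyid_of IDP) || exit 1
exo=$(keyid_of EXO) || exit 1
drd=$(keyid_of Drd) || exit 1
frank=$(keyid_of Frank) || exit 1
dan=$(keyid_of Dan) || exit 1
lisa=$(keyid_of Lisa) || exit 1
cary=$(keyid_of Cary) || exit 1
jim=$(keyid_of Jim) || exit 1
nancy=$(keyid_of Nancy) || exit 1
alice=$(keyid_of Alice) || exit 1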
# Value handed to creddy as --out_prolog on every credential.
pname="${sidx}_yap_clauses"
# Value handed to creddy as --namespace on every credential.
namespace='access1'
# File that receives the key-id -> principal-name sed script.
sfile="sfile_${sidx}"
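# idp_gUser VAR
#
# Issue the credential "IDP.geniUser <- <principal>". VAR is the NAME of the
# shell variable that holds the principal's key id (e.g. "drd"), not the key
# id itself.
#
# Globals:   idp, sidx, pname, namespace (read); namename, attr, name (written)
# Arguments: $1 - name of the variable holding the member's key id
# Returns:   2 when $1 is not a plain variable name or that variable is
#            empty, otherwise the status of creddy
idp_gUser()
{
  # $1 is spliced into an eval below, so accept nothing but a shell
  # identifier; any other text would be executed as code.
  case ${1-} in
    '' | [0-9]* | *[!A-Za-z0-9_]*)
      printf 'idp_gUser: not a variable name: "%s"\n' "${1-}" >&2
      return 2
      ;;
  esac
  # POSIX sh has no indirect expansion; eval on the validated name is the
  # portable way to read the variable it names.
  eval "_member=\${$1-}"
  if [ -z "$_member" ]; then
    # An empty key id would produce a credential for "[keyid:]".
    printf 'idp_gUser: $%s holds no key id\n' "$1" >&2
    return 2
  fi
  namename="[keyid:$_member]"
  attr="[keyid:$idp].role:geniUser <- $namename"
  name="${sidx}_IDP_gUser__${1}_attr.der"
  creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace"
}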
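# makeSlice OWNER_KEYID SLICE OWNER_NAME
#   e.g. makeSlice "$drd" sliceA Drd    (Drd requests sliceA)
#
# Issues the four credentials that register a slice:
#   OWNER.slice        <- 'SLICE'
#   SA.standard        <- 'SLICE'
#   SA.owner('SLICE')  <- OWNER
#   SA.root('SLICE')   <- OWNER
#
# Globals:   sa, sidx, pname, namespace (read); what, attr, name (written)
# Arguments: $1 - key id of the owner
#            $2 - slice name
#            $3 - owner's name, used only in the output file names
# Returns:   2 when an argument or $sa is empty; otherwise 0, or the status
#            of the first creddy call that fails
makeSlice() {
  # An empty key id or slice name would still yield syntactically valid
  # credentials ("[keyid:]", "[string:'']"), so refuse them explicitly.
  if [ -z "${1-}" ] || [ -z "${2-}" ] || [ -z "${3-}" ] || [ -z "${sa-}" ]; then
    printf 'makeSlice: need OWNER_KEYID SLICE OWNER_NAME and a non-empty $sa\n' >&2
    return 2
  fi
  what="'$2'"

  # Each step returns on failure: continuing would leave an incomplete
  # credential set (or a stale .der from an earlier run) behind unnoticed.

  # OWNER.slice <- 'SLICE'
  attr="[keyid:$1].oset:slice <- [string:$what]"
  name="${sidx}_${3}_slice__${2}_attr.der"
  creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace" || return

  # SA.standard <- 'SLICE'
  attr="[keyid:$sa].oset:standard <- [string:$what]"
  name="${sidx}_SA_standard__${2}_attr.der"
  creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace" || return

  # SA.owner('SLICE') <- OWNER
  attr="[keyid:$sa].role:owner([string:$what]) <- [keyid:$1]"
  name="${sidx}_SA_owner_${2}__${3}_attr.der"
  creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace" || return

  # SA.root('SLICE') <- OWNER
  attr="[keyid:$sa].role:root([string:$what]) <- [keyid:$1]"
  name="${sidx}_SA_root_${2}__${3}_attr.der"
  creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace"
}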
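###############################################################################
# Write the sed script that replaces each raw key id with the principal's
# name, one "s/<keyid>/<Name>/g " line per principal (the trailing blank is
# kept from the original echo lines).
# PA now has its own line: the SA substitution used to be written twice
# while PA's key id, which appears in the GR.projectAuthority credential,
# was never mapped.
# NOTE(review): how $sfile is consumed is not visible in this script;
# presumably via "sed -f" on the generated clauses - confirm.
printf 's/%s/%s/g \n' \
  "$g" G \
  "$gr" GR \
  "$sa" SA \
  "$pa" PA \
  "$idp" IDP \
  "$exo" EXO \
  "$drd" Drd \
  "$frank" Frank \
  "$dan" Dan \
  "$lisa" Lisa \
  "$cary" Cary \
  "$jim" Jim \
  "$nancy" Nancy \
  "$alice" Alice \
  > "$sfile"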
# Authority chain: G names GR as geniRoot, and GR names the slice authority,
# identity provider, project authority and aggregate.

# G.geniRoot <- GR
attr="[keyid:${g}].role:geniRoot <- [keyid:${gr}]"
name="${sidx}_G_geniRoot__gr_attr.der"
creddy --attrnow --string "${attr}" \
  --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

# GR.sliceAuthority <- SA
attr="[keyid:${gr}].role:sliceAuthority <- [keyid:${sa}]"
name="${sidx}_GR_sliceAuthority__sa_attr.der"
creddy --attrnow --string "${attr}" \
  --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

# GR.identityProvider <- IDP
attr="[keyid:${gr}].role:identityProvider <- [keyid:${idp}]"
name="${sidx}_GR_identityProvider__idp_attr.der"
creddy --attrnow --string "${attr}" \
  --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

# GR.projectAuthority <- PA
attr="[keyid:${gr}].role:projectAuthority <- [keyid:${pa}]"
name="${sidx}_GR_projAuthority__pa_attr.der"
creddy --attrnow --string "${attr}" \
  --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

# GR.aggregate <- EXO
attr="[keyid:${gr}].role:aggregate <- [keyid:${exo}]"
name="${sidx}_GR_aggregate__exo_attr.der"
creddy --attrnow --string "${attr}" \
  --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"
# IDP.geniUser <- Drd, Frank, Dan, Lisa, Cary, Jim, Nancy, Alice
# idp_gUser is given the NAME of the variable that holds each key id.
for member in drd frank dan lisa cary jim nancy alice; do
  idp_gUser "${member}"
done

# IDP.geniPI <- Drd
attr="[keyid:${idp}].role:geniPI <- [keyid:${drd}]"
name="${sidx}_IDP_geniPI__drd_attr.der"
creddy --attrnow --string "${attr}" \
  --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"
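## Drd requests sliceA and sliceB from SA.
## "$drd" is quoted so that an empty key id stays in the first position
## instead of letting the slice name slide into the key-id argument.
makeSlice "$drd" sliceA Drd
makeSlice "$drd" sliceB Drd

## Drd gives controls permission on sliceA to Frank
attr="[keyid:$drd].role:controls([string:'sliceA']) <- [keyid:$frank]"
name="${sidx}_Drd_controls_sliceA__frank_attr.der"
creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace"

## Drd gives controls_ permission on sliceA to Dan
attr="[keyid:$drd].role:controls_([string:'sliceA']) <- [keyid:$dan]"
name="${sidx}_Drd_controlsDel_sliceA__dan_attr.der"
creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace"

## Drd gives delegate_controls_ permission on sliceA to Jim
attr="[keyid:$drd].role:delegate_controls_([string:'sliceA']) <- [keyid:$jim]"
name="${sidx}_Drd_delcontrolsDel_sliceA__jim_attr.der"
creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace"

## Jim gives controls_ permission on sliceA to Nancy.
## Jim's own grant from Drd (above) is delegate_controls_, not controls_.
attr="[keyid:$jim].role:controls_([string:'sliceA']) <- [keyid:$nancy]"
name="${sidx}_Jim_controlsDel_sliceA__nancy_attr.der"
creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace"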
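## Grants issued directly by SA rather than by the slice owner.

## SA gives controls permission on sliceA to Lisa
attr="[keyid:$sa].role:controls([string:'sliceA']) <- [keyid:$lisa]"
name="${sidx}_SA_controls_sliceA__lisa_attr.der"
creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace"

## SA gives controls_ permission on sliceB to Dan
## (this comment used to say sliceA; the credential and its file name are
## for sliceB, matching the scenario header)
attr="[keyid:$sa].role:controls_([string:'sliceB']) <- [keyid:$dan]"
name="${sidx}_SA_controlsDel_sliceB__dan_attr.der"
creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace"

## SA gives delegate_controls_ permission on sliceA to Cary
attr="[keyid:$sa].role:delegate_controls_([string:'sliceA']) <- [keyid:$cary]"
name="${sidx}_SA_delcontrolsDel_sliceA__cary_attr.der"
creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace"

## SA gives controls_ permission on sliceA to Dan
## (Dan also holds controls_ on sliceA from Drd, so two issuers back it)
attr="[keyid:$sa].role:controls_([string:'sliceA']) <- [keyid:$dan]"
name="${sidx}_SA_controlsDel_sliceA__dan_attr.der"
creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace"

## SA gives controls_ permission on sliceB to Alice
attr="[keyid:$sa].role:controls_([string:'sliceB']) <- [keyid:$alice]"
name="${sidx}_SA_controlsDel_sliceB__alice_attr.der"
creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace"

## SA gives controls_ permission on sliceA to Alice
attr="[keyid:$sa].role:controls_([string:'sliceA']) <- [keyid:$alice]"
name="${sidx}_SA_controlsDel_sliceA__alice_attr.der"
creddy --attrnow --string "$attr" --out "$name" --out_prolog "$pname" --namespace "$namespace"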