| 1 | #!/bin/sh |
|---|
| 2 | |
|---|
| 3 | # This example shows an example of reasoning about a role's parameters. There |
|---|
| 4 | # are 4 principals StateU, Bob, Maryann, and Joe. StateU wants to establish a |
|---|
| 5 | # set of founding alumni based on the year of graduation. On graduation each |
|---|
| 6 | # alum has previously been issued a credential parameterized with their major |
|---|
| 7 | # and graduation year. StateU sets up a policy that says that a principal is a |
|---|
| 8 | # founding alum if they graduated in 1960, 1961, or 1963 no matter what major |
|---|
| 9 | # the principal had. One assumes there was some kind of NCAA suspension in |
|---|
| 10 | # 1962. This policy is expressed in Credential 1. |
|---|
| 11 | # |
|---|
| 12 | # Credentials 2, 3, and 4 each assign a diploma credential to Bob (a 1961 |
|---|
| 13 | # mathematics degree), Joe (a 1955 zoology degree) and Maryann (a 1962 |
|---|
| 14 | # psychology degree). |
|---|
| 15 | # |
|---|
| 16 | # The attached ./rr file asks if each of these principals are favored alums, |
|---|
| 17 | # and only Bob is. |
|---|
| 18 | |
|---|
| 19 | rm -rf *.der *.pem |
|---|
| 20 | # [keyid:stateU].role:foundingAlumni <-?- [keyid:Bob] (yes) |
|---|
| 21 | # [keyid:stateU].role:foundingAlumni <-?- [keyid:Maryann] (no) |
|---|
| 22 | # [keyid:stateU].role:foundingAlumni <-?- [keyid:Joe] (no) |
|---|
| 23 | |
|---|
| 24 | creddy --generate --cn StateU |
|---|
| 25 | creddy --generate --cn Bob |
|---|
| 26 | creddy --generate --cn Maryann |
|---|
| 27 | creddy --generate --cn Joe |
|---|
| 28 | |
|---|
| 29 | stateU_keyid=`creddy --keyid --cert StateU_ID.pem` |
|---|
| 30 | bob_keyid=`creddy --keyid --cert Bob_ID.pem` |
|---|
| 31 | maryann_keyid=`creddy --keyid --cert Maryann_ID.pem` |
|---|
| 32 | joe_keyid=`creddy --keyid --cert Joe_ID.pem` |
|---|
| 33 | |
|---|
| 34 | diploma_q_qY="diploma([?], [integer:?Year:[1960,1961,1963]])" |
|---|
| 35 | |
|---|
| 36 | diploma_m="diploma([string:'mathmatics'],[integer:1961])" |
|---|
| 37 | diploma_z="diploma([string:'zoology'],[integer:1955])" |
|---|
| 38 | diploma_p="diploma([string:'psychology'],[integer:1962])" |
|---|
| 39 | |
|---|
| 40 | # [keyid:stateU].role:foundingAlumni |
|---|
| 41 | # <- [keyid:stateU].role:diploma([?], [integer:?Year:[1960,1961,1963]]) |
|---|
| 42 | # Credential 1 |
|---|
| 43 | creddy --attribute \ |
|---|
| 44 | --issuer StateU_ID.pem --key StateU_private.pem --role "foundingAlumni" \ |
|---|
| 45 | --subject-cert StateU_ID.pem --subject-role "$diploma_q_qY" \ |
|---|
| 46 | --out StateU_foundingAlumni__stateU_diploma_q_qY_attr.der |
|---|
| 47 | |
|---|
| 48 | # [keyid:stateU].role:diploma([string:'mathmatics'],[integer:1961]) <- [keyid:bob] |
|---|
| 49 | # Credential 2 |
|---|
| 50 | creddy --attribute \ |
|---|
| 51 | --issuer StateU_ID.pem --key StateU_private.pem --role "$diploma_m" \ |
|---|
| 52 | --subject-cert Bob_ID.pem \ |
|---|
| 53 | --out StateU_diploma_m__Bob_attr.der |
|---|
| 54 | |
|---|
| 55 | # [keyid:stateU].role:diploma([string:'zoology'],[integer:1955]) <- [keyid:joe] |
|---|
| 56 | # Credential 3 |
|---|
| 57 | creddy --attribute \ |
|---|
| 58 | --issuer StateU_ID.pem --key StateU_private.pem --role "$diploma_z" \ |
|---|
| 59 | --subject-cert Joe_ID.pem \ |
|---|
| 60 | --out StateU_diploma_m__Joe_attr.der |
|---|
| 61 | |
|---|
| 62 | # [keyid:stateU].role:diploma([string:'psychology'],[integer:1962]) <- [keyid:maryann] |
|---|
| 63 | # Credential 4 |
|---|
| 64 | creddy --attribute \ |
|---|
| 65 | --issuer StateU_ID.pem --key StateU_private.pem --role "$diploma_p" \ |
|---|
| 66 | --subject-cert Maryann_ID.pem \ |
|---|
| 67 | --out StateU_diploma_m__Maryann_attr.der |
|---|
| 68 | |
|---|
