source: examples/creddy_prover_tests/acme_friend_rt1/README @ 34e667d

Last change on this file since 34e667d was f824a9e, checked in by Mei <mei@…>, 12 years ago

1) add more doc to python_tests

  • Property mode set to 100755
File size: 2.5 KB
#!/bin/sh
#
# This example shows how a parameterized role can be used to infer a role and
# that the same role can also be directly assigned.  The example has 4
# principals, the Acme company, a Coyote, a Roadrunner and a Jackrabbit.
#
# The policy of the Acme company is that anyone the Acme company thinks is a
# friend of the Roadrunner is a preferred customer.  A friend of the Roadrunner
# has the [keyid:Acme].role:friendOf([keyid:Roadrunner]) role, and a preferred
# customer has the [keyid:Acme].role:preferred_customer role.
#
# This script creates the 4 principals and 3 credentials.  Credential 1 lays
# out the rule that friends of the Roadrunner are preferred customers.
# Credential 2 directly makes the Coyote a preferred customer.  Credential 3
# recognizes that Acme thinks that the Jackrabbit is the Roadrunner's friend.
#
# The attached ./run_query script tests whether the Coyote is a friend of the
# Roadrunner (which fails), whether the Jackrabbit is a friend of the
# Roadrunner (which succeeds), whether the Jackrabbit is a preferred customer
# (which succeeds), whether the Coyote is a preferred customer (succeeds for a
# different reason) and whether the system fails to load a bad certificate (it
# does).

# acme_friend_rt1

#[keyid:Acme].role:friendOf([keyid:Roadrunner]) <-?- [keyid:Coyote] (no)
#[keyid:Acme].role:preferred_customer <-?- [keyid:Jackrabbit] (yes)

creddy --generate --cn Acme
creddy --generate --cn Coyote
creddy --generate --cn Roadrunner
creddy --generate --cn Jackrabbit

# The parameterized role name contains brackets and parentheses, so it is
# quoted wherever it is expanded to avoid word splitting and globbing.
roadrunner_keyid=`creddy --keyid --cert Roadrunner_ID.pem`
friendof_roadrunner="friendOf([keyid:$roadrunner_keyid])"

#[keyid:Acme].role:preferred_customer <- [keyid:Acme].role:friendOf([keyid:Roadrunner])
# Credential 1
creddy --attribute \
       --issuer Acme_ID.pem --key Acme_private.pem --role preferred_customer \
       --subject-cert Acme_ID.pem --subject-role "$friendof_roadrunner" \
       --out Acme_preferred_customer__Acme_friendof_Roadrunner_attr.der

#[keyid:Acme].role:preferred_customer <- [keyid:Coyote]
# Credential 2
creddy --attribute \
       --issuer Acme_ID.pem --key Acme_private.pem --role preferred_customer \
       --subject-cert Coyote_ID.pem \
       --out Acme_preferred_customer__Coyote_attr.der

#[keyid:Acme].role:friendOf([keyid:Roadrunner]) <- [keyid:Jackrabbit]
# Credential 3
creddy --attribute \
       --issuer Acme_ID.pem --key Acme_private.pem --role "$friendof_roadrunner" \
       --subject-cert Jackrabbit_ID.pem \
       --out Acme_friendof_Roadrunner__Jackrabbit_attr.der
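
The proof chains behind the four role queries described in the header comment, as an added Python sketch that is not part of the original README or of creddy. Plain principal names stand in for key ids, and `Cred`, `prove` and the role strings are hypothetical names; the sketch models role membership only, not certificate loading or signature checks.

```python
# Added illustration: a tiny role-membership prover over the three
# credentials issued by the script. Names replace key ids (assumption).
from collections import namedtuple

# head: the role being defined; body: a principal, or a role that implies head.
Cred = namedtuple("Cred", "num head body")

FRIEND = "Acme.friendOf(Roadrunner)"      # parameterized role
PREFERRED = "Acme.preferred_customer"
PRINCIPALS = {"Acme", "Coyote", "Roadrunner", "Jackrabbit"}

CREDS = [
    Cred(1, PREFERRED, FRIEND),       # Credential 1: role <- role
    Cred(2, PREFERRED, "Coyote"),     # Credential 2: role <- principal
    Cred(3, FRIEND, "Jackrabbit"),    # Credential 3: role <- principal
]


def prove(role, principal, creds=CREDS, _seen=frozenset()):
    """Return the credential numbers that prove `principal` holds `role`,
    outermost first, or None when no chain of credentials exists."""
    if role in _seen:                 # cyclic role definitions prove nothing
        return None
    seen = _seen | {role}
    for cred in creds:
        if cred.head != role:
            continue
        if cred.body == principal:    # direct assignment
            return [cred.num]
        if cred.body not in PRINCIPALS:   # body is a role: recurse into it
            sub = prove(cred.body, principal, creds, seen)
            if sub is not None:
                return [cred.num] + sub
    return None


if __name__ == "__main__":
    for role, who in [(FRIEND, "Coyote"), (FRIEND, "Jackrabbit"),
                      (PREFERRED, "Jackrabbit"), (PREFERRED, "Coyote")]:
        print(f"{role} <-?- {who}: {prove(role, who)}")
```

The Jackrabbit reaches preferred_customer through credentials 1 and 3, while the Coyote reaches it through credential 2 alone, which is the "different reason" the header comment mentions.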