| 1 | #!/bin/sh |
|---|
| 2 | # |
|---|
| 3 | # The example makes use of 2 principals, Acme and Coyote. |
|---|
| 4 | # |
|---|
| 5 | # This example shows a very simple delegation of roles by Acme with |
|---|
| 6 | # multiple possible solution proofs. Acme's buy_rockets role includes |
|---|
| 7 | # all of Acme's preferred customers and those with worst luck. The example |
|---|
| 8 | # creates the principals and 4 credentials. Credential 1 encodes the policy |
|---|
| 9 | # that all of Acme's preferred customers can buy rockets from Acme and |
|---|
| 10 | # Credential 2 defines the Coyote as an Acme preferred customer. |
|---|
| 11 | # Credential 3 encodes the policy that all of Acme's worst lucked |
|---|
| 12 | # can buy rockets from Acme and Credential 4 defines the Coyote as one of worst |
|---|
| 13 | # lucked. |
|---|
| 14 | |
|---|
| 15 | # The ./run_query script issues queries to show that the Coyote is both a preferred |
|---|
| 16 | # customer and can buy rockets and then continue to find the other solution proof |
|---|
| 17 | # that Coyote is worst lucked and also can buy rocket from Acme. Two invalid |
|---|
| 18 | # queries are also made, checking if Acme is the Coyote's friend, which it isn't |
|---|
| 19 | # and whether a query about something other than a principal works (it doesn't). |
|---|
| 20 | |
|---|
| 21 | # acme_multi_rt0 |
|---|
| 22 | |
|---|
| 23 | creddy --generate --cn Acme |
|---|
| 24 | creddy --generate --cn Coyote |
|---|
| 25 | |
|---|
| 26 | #[keyid:Acme].role:buy_rockets <- [keyid:Acme].role:preferred_customer |
|---|
| 27 | # Credential 1 |
|---|
| 28 | creddy --attribute \ |
|---|
| 29 | --issuer Acme_ID.pem --key Acme_private.pem --role buy_rockets \ |
|---|
| 30 | --subject-cert Acme_ID.pem --subject-role preferred_customer \ |
|---|
| 31 | --out Acme_buy_rockets__Acme_preferred_customer_attr.der |
|---|
| 32 | |
|---|
| 33 | #[keyid:Acme].role:preferred_customer <- [keyid:Coyote] |
|---|
| 34 | # Credential 2 |
|---|
| 35 | creddy --attribute \ |
|---|
| 36 | --issuer Acme_ID.pem --key Acme_private.pem --role preferred_customer \ |
|---|
| 37 | --subject-cert Coyote_ID.pem \ |
|---|
| 38 | --out Acme_preferred_customer__Coyote_attr.der |
|---|
| 39 | |
|---|
| 40 | #[keyid:Acme].role:buy_rockets <- [keyid:Acme].role:worst_lucked |
|---|
| 41 | # Credential 3 |
|---|
| 42 | creddy --attribute \ |
|---|
| 43 | --issuer Acme_ID.pem --key Acme_private.pem --role buy_rockets \ |
|---|
| 44 | --subject-cert Acme_ID.pem --subject-role worst_lucked \ |
|---|
| 45 | --out Acme_buy_rockets__Acme_worst_lucked_attr.der |
|---|
| 46 | |
|---|
| 47 | #[keyid:Acme].role:worst_lucked <- [keyid:Coyote] |
|---|
| 48 | # Credential 4 |
|---|
| 49 | creddy --attribute \ |
|---|
| 50 | --issuer Acme_ID.pem --key Acme_private.pem --role worst_lucked \ |
|---|
| 51 | --subject-cert Coyote_ID.pem \ |
|---|
| 52 | --out Acme_worst_lucked__Coyote_attr.der |
|---|
| 53 | |
|---|
