source: examples/creddy_prover_tests/acme_rockets_intersection_rt0/README @ 08b8da7

mei_rt2mei_rt2_fix_1
Last change on this file since 08b8da7 was f824a9e, checked in by Mei <mei@…>, 12 years ago

1) add more doc to python_tests

  • Property mode set to 100755
File size: 2.7 KB
Line 
1#!/bin/sh
2#
3# This example demonstrates intersections.  An intersection is a logical and of
4# roles or osets.  An intersection succeeds if the principal is in the
5# intersection of the sets defined by the roles.
6#
7# The policy set by Acme is that a character must both a preferred customer and
8# a WarnerBrothers character to buy rockets.  Each of those attributes is
9# specified by a role.
10#
11# This example defines 4 principals, Acme, WarnerBrothers, Coyote and Batman.
12# Credential 1 defines the policy requiring both roles to get the buy_rockets
13# role.  Credential 2 gives the Coyote a preferred_customer role.  Credential 3
14# gives Batman the preferred_customer role and Credential 4 recognizes the
15# Coyote as a Warner Brothers character.
16#
17#In order to buy rockets from Acme, you must be BOTH a preferred customer
18#AND a WarnerBros character. In this example, the following query will be
19#successful:
20#
21#    Acme.buy_rockets <-?- Coyote
22#
23#The following query will fail (because Batman does not have the
24#attribute WarnerBros.character):
25#
26#    Acme.buy_rockets <-?- Batman
27#
28# The attached ./run_query file carries out these queries.  As well as 2 queries for
29# non-existant certificates (which fail).
30#
31#Acme.buy_rockets <- Acme.preferred_customer & WarnerBros.character
32#Acme.preferred_customer <- Coyote
33#Acme.preferred_customer <- Batman
34#WarnerBros.character <- Coyote
35#
36
37# acme_rockets_intersection_rt0
38
39creddy --generate --cn Acme
40creddy --generate --cn WarnerBros
41creddy --generate --cn Coyote
42creddy --generate --cn Batman
43
44#[keyid:Acme].role:buy_rockets <- [keyid:Acme].role:preferred_customer & [keyid:WarnerBros].role:charater
45# Credential 1
46creddy --attribute \
47       --issuer Acme_ID.pem --key Acme_private.pem --role buy_rockets \
48       --subject-cert Acme_ID.pem --subject-role preferred_customer \
49       --subject-cert WarnerBros_ID.pem --subject-role character \
50       --out Acme_buy_rockets__Acme_preferred_customer_and_WarnerBros_character_attr.der
51
52#[keyid:Acme].role:preferred_customer <- [keyid:Coyote]
53# Credential 2
54creddy --attribute \
55       --issuer Acme_ID.pem --key Acme_private.pem --role preferred_customer \
56       --subject-cert Coyote_ID.pem \
57       --out Acme_preferred_customer__Coyote_attr.der
58
59#[keyid:Acme].role:preferred_customer <- [keyid:Batman]
60# Credential 3
61creddy --attribute \
62       --issuer Acme_ID.pem --key Acme_private.pem --role preferred_customer \
63       --subject-cert Batman_ID.pem \
64       --out Acme_preferred_customer__Batman_attr.der
65
66#[keyid:WarnerBros].role:character <- [keyid:Coyote]
67# Credential 4
68creddy --attribute \
69       --issuer WarnerBros_ID.pem --key WarnerBros_private.pem --role character \
70       --subject-cert Coyote_ID.pem \
71       --out WarnerBros_character__Coyote_attr.der
Note: See TracBrowser for help on using the repository browser.