source: examples/creddy_prover_tests/balltime_rt2/README @ 1621520

mei_rt2mei_rt2_fix_1
Last change on this file since 1621520 was 5110d42, checked in by Mei <mei@…>, 13 years ago

1) reorganized the test directory to include python tests
2) attribute via api and principal via api from python scripts are

working (although there is an annoying seg fault at the very end
that must be related to something not being dup()ed; need to wait
for the C example to debug it)

3) able to query via api
4) replicated access_rt2 example in python and the query result matches
5) expanded api to make it easier to generate rt2 structure

  • Property mode set to 100755
File size: 5.2 KB
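#!/bin/sh
#
#####################################################################
# This example demonstrates using an oset (object set) to control access
# to files based on the attributes of the principals.  The script creates
# three principals, League, John and Mark, and sets out the access policy.
#
# Files are named by URNs and are not principals.
#
# A principal's access rights are controlled by the League principal.  If a
# principal has the role stadium(string:'access',boolean:true,time:now),
# that principal can go into the stadium if the principal's team has a
# scheduled gametime.  A principal is on a team's roster if it holds the
# role players(team) defined by League, written
# [keyid:League].role:players([string:'north'])
#
# The example below lays out the policy that players of a given team can
# go to the stadium when it is their team's gametime -- credential 1 --
# or any player of a team that is controlled by the League principal can
# go to the stadium during the stadium's free-for-all time -- credential 2.
#
# Credentials 3 & 4 establish the afternoon gametimes for team(north)
# and for team(south).
# Credentials 5 & 6 establish John as a player of team(north) and Mark as
# a player of team(south).
#
# The attached ./run_query file runs 3 queries.  First it confirms that John
# can go to the stadium at his team's gametime, then it confirms that Mark
# cannot go because it is not his gametime, but Mark can go to the stadium
# during the stadium's free-for-all early morning time.

# balltime_rt2_typed

# Stop at the first failing creddy call (or unset variable) so that no
# credential is issued from a missing identity or an empty key id.
set -eu

# The credential steps below read League_private.pem from the working
# directory, so the private keys are created here; keep every file this
# script writes readable by the owner only.
umask 077

creddy --generate --cn League
creddy --generate --cn John
creddy --generate --cn Mark

league_keyid=$(creddy --keyid --cert League_ID.pem)
john_keyid=$(creddy --keyid --cert John_ID.pem)
mark_keyid=$(creddy --keyid --cert Mark_ID.pem)

# league_keyid is spliced into a role string below; an empty value would
# produce a credential that names no issuer for the gametime oset.
for keyid in "$league_keyid" "$john_keyid" "$mark_keyid"; do
    if [ -z "$keyid" ]; then
        echo "creddy --keyid returned an empty key id" >&2
        exit 1
    fi
done

# NOTE(review): the rule sketches in this file (credential 1 and the summary
# at the end) spell the constraint "?F:[keyid:league].oset.gametime(...)",
# while the string handed to creddy is "?F[keyid:...].oset:gametime(...)".
# Confirm which spelling the RT2 parser expects.
stadium_qFqT="stadium([string:'access'],[boolean:true],[time:?F[keyid:$league_keyid].oset:gametime([string:?T])])"
stadium_qR="stadium([string:'access'],[boolean:?B:[true]],[time:?F:[20120228T080000..20120228T090000]])"

players_qT="players([string:?T])"

# Credential 1: players of team ?T may enter at a time in gametime(?T).
#[keyid:league].role:stadium([string:'access'],[boolean:true],
#          [time:?F:[keyid:league].oset.gametime([string:?T])])
#                <-[keyid:league].role:players([string:?T])
creddy --attribute \
       --issuer League_ID.pem --key League_private.pem \
       --role "$stadium_qFqT" \
       --subject-cert League_ID.pem --subject-role "$players_qT" \
       --out League_access_qFqT__League_players_qT_attr.der

# Credential 2: players of any team may enter during the fixed
# 08:00-09:00 free-for-all window.
#[keyid:league].role:stadium([string:'access'],[boolean:?B:[true]],
#              [time:?F:[20120228T080000..20120228T090000]])
#               <- [keyid:league].role:players(string:?T)
creddy --attribute \
       --issuer League_ID.pem --key League_private.pem \
       --role "$stadium_qR" \
       --subject-cert League_ID.pem --subject-role "$players_qT" \
       --out League_access_qR__League_players_qT_attr.der


# Credential 3: gametime for team north.
# [keyid:league].oset:gametime([string:'north'])
#                    <- [time:20120228T130000]
creddy --attribute \
        --issuer League_ID.pem --key League_private.pem \
        --oset "gametime([string:'north'])" \
        --subject-obj "[time:20120228T130000]" \
        --out League_gametime_north__timeT_attr.der

# Credential 4: gametime for team south.
# [keyid:league].oset:gametime([string:'south'])
#                    <- [time:20120228T140000]
creddy --attribute \
        --issuer League_ID.pem --key League_private.pem \
        --oset "gametime([string:'south'])" \
        --subject-obj "[time:20120228T140000]" \
        --out League_gametime_south__time2T_attr.der

# Credential 5: John is a player of team north.
# [keyid:league].role:players([string:'north'])<-[keyid:John]
creddy --attribute \
        --issuer League_ID.pem --key League_private.pem \
        --role "players([string:'north'])" \
        --subject-cert John_ID.pem \
        --out League_players_north__John_attr.der

# Credential 6: Mark is a player of team south.
# [keyid:league].role:players([string:'south'])<-[keyid:Mark]
creddy --attribute \
        --issuer League_ID.pem --key League_private.pem \
        --role "players([string:'south'])" \
        --subject-cert Mark_ID.pem \
        --out League_players_south__Mark_attr.der

#####################################################################
# League allows members of a team to access the stadium at their team's
# designated time.
#
#[keyid:league].role:stadium([string:'access'],[boolean:true],
#          [time:?F:[keyid:league].oset.gametime([string:?T])])
#                <-[keyid:league].role:players([string:?T])
#
#[keyid:league].role:stadium([string:'access'],[time:?Tm]) <- [principal:?P]
#[keyid:league].oset:gametime(string:?Team) <- [time:?Tm]
#[keyid:league].role:players(string:?Team) <- [principal:?P]
#
#
#league.stadium(access,?Time:league.gametime(?Team)) <- league.players(?Team)
#              league.players(north) <- john
#              league.players(south) <- mark
#              league.gametime(north) <- [time:'20120228T130000']
#              league.gametime(south) <- [time:'20120228T140000']
#
#league.stadium(access,?FreeTime:[20120228T080000..20120228T090000])
#                  <- league.players(_).
#
#[keyid:league].role:stadium([string:'access'],[boolean:?B:[true]],
#              [time:?F:['20120228T080000'..'20120228T090000']])
#               <- [keyid:league].role:players(string:?T)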