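/**
   attr_abac.c

   To demonstrate how to use ABAC's api in C

   call:   attr_abac IceCream_ID.pem IceCream_private.pem IceCream_attr.der

   pre-condition: generate IceCream_ID.pem and IceCream_private.pem with
                      creddy --generate --cn IceCream
                  generate Chocolate_ID.pem and Chocolate_private.pem with
                      creddy --generate --cn IceCream

   This program will generate an attribute rule, write it out to an external
   file and also load it into the context (prolog db)
       [keyid:IceCream].delicious <- [Keyid:Chocolate]

   Then, a query is made against the context to see if it is populated
   correctly.

   ./abac_attr IceCream_ID.pem IceCream_private.pem IceCream_attr.der Chocolate_ID.pem

   NOTE(review): the description above does not match the code below.
   As listed, main() ignores argv and works on the hard-coded files
   SuperK_ID.pem / SuperK_private.pem and Jack_ID.pem / Jack_private.pem.
   It builds an "employee" role of SuperK with Jack as the tail principal,
   round-trips the baked attribute through a chunk, loads it into the
   context and dumps the prolog db.  It does not write the attribute to a
   file and it issues no query.  The second creddy line presumably should
   use --cn Chocolate -- confirm against the original example.
**/

/* NOTE(review): the four header names below were lost when this listing was
 * extracted; restore them from the original file before building. */
#include
#include
#include
#include

extern void abac_print_cred_info(abac_credential_t*, FILE*);
extern char *abac_id_keyid(abac_id_t *id);
extern abac_attribute_t *abac_attribute_add_tail(abac_attribute_t *ptr, abac_aspect_t *);

/**
 * Build one attribute credential issued by SuperK about Jack, re-parse it
 * from its certificate chunk, load it into a fresh context and dump the
 * prolog database.
 *
 * Every pointer handed back by the ABAC constructors is checked before it
 * is used: a missing certificate or an attribute that failed to build must
 * not reach abac_id_keyid() or the context.
 *
 * @return 0 when every step produced an object, 1 otherwise.
 */
int main(int argc, char **argv)
{
    int rc;
    int status = 1;                 /* stays 1 until the whole sequence ran */
    abac_context_t *ctx = NULL;
    abac_id_t *superK = NULL;
    abac_id_t *jack = NULL;
    abac_aspect_t *head = NULL;
    abac_aspect_t *tail = NULL;
    abac_attribute_t *attr = NULL;  /* was uninitialized before the create call */
    abac_attribute_t *nattr = NULL;
    abac_chunk_t chunk;

    (void)argc;                     /* the command line is not consulted */
    (void)argv;

    ctx = abac_context_new();
    if (ctx == NULL) {
        fprintf(stderr, "cannot create ABAC context\n");
        goto out;
    }

    /* build up structure */
    /* The file names are relative, so they resolve against the current
     * working directory: run this from the directory that holds the
     * intended key material. */
    superK = abac_id_from_file("SuperK_ID.pem");
    if (superK == NULL) {
        fprintf(stderr, "cannot load identity certificate SuperK_ID.pem\n");
        goto out;
    }
    /* NOTE(review): rc is not inspected.  The success value is defined by
     * the ABAC headers, which are not visible in this listing; compare rc
     * against it and stop here if the issuer's private key did not load. */
    rc = abac_id_load_privkey_file(superK, "SuperK_private.pem");

    jack = abac_id_from_file("Jack_ID.pem");
    if (jack == NULL) {
        fprintf(stderr, "cannot load identity certificate Jack_ID.pem\n");
        goto out;
    }
    /* NOTE(review): same unchecked rc as above. */
    rc = abac_id_load_privkey_file(jack, "Jack_private.pem");

    abac_context_load_id(ctx, superK);
    abac_context_load_id(ctx, jack);

    /* head: role "employee" under SuperK's key id; tail: Jack as principal. */
    head = abac_role_create(abac_id_keyid(superK), "employee");
    tail = abac_role_principal_create(abac_id_keyid(jack));
    if (head == NULL || tail == NULL) {
        fprintf(stderr, "cannot create role aspects for the attribute\n");
        goto out;
    }

    /* 1800 is the validity argument; its unit is defined by
     * abac_attribute_create and is not visible here -- TODO confirm. */
    rc = abac_attribute_create(&attr, head, NULL, 1800);
    if (attr == NULL) {
        fprintf(stderr, "cannot create attribute\n");
        goto out;
    }
    abac_attribute_add_tail(attr, tail);

    /* NOTE(review): the result of the bake is not inspected either; an
     * attribute that failed to bake should not be turned into a chunk. */
    rc = abac_attribute_bake(attr);

    /* Round-trip through the certificate chunk so that what the context
     * receives is the parsed credential, not the in-memory builder object. */
    chunk = abac_attribute_cert_chunk(attr);
    nattr = abac_attribute_from_chunk(chunk);
    if (nattr == NULL) {
        fprintf(stderr, "baked attribute did not parse back from its chunk\n");
        goto out;
    }
    abac_context_load_attribute(ctx, nattr);
    /* abac_context_load_attribute(ctx,attr); */

    /* NOTE(review): no prototype for show_yap_db is visible in this listing. */
    show_yap_db("dump prolog");

    status = 0;

out:
    /* Release in the original order.  nattr, head and tail are left alone,
     * as in the original: their ownership is not visible from this file. */
    if (jack != NULL) {
        abac_id_free(jack);
    }
    if (superK != NULL) {
        abac_id_free(superK);
    }
    if (attr != NULL) {
        abac_attribute_free(attr);
    }
    if (ctx != NULL) {
        abac_context_free(ctx);
    }
    return status;
}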