source: examples/example_scripts/python/abac_attr.py @ c6d5da3

mei_rt2mei_rt2_fix_1
Last change on this file since c6d5da3 was bea18ef, checked in by Mei <mei@…>, 12 years ago

1) add more tiny prover tests in examples/example_scripts
2) reverted the changes to ABAC_VERSION in libabac's abac_util.c

  • Property mode set to 100755
File size: 2.6 KB
Line 
1#!/usr/bin/env python
2
3"""
4     abac_attr.py
5
6     To demonstrate how to use ABAC's api in python
7 
8     call:   attr_abac IceCream_ID.pem IceCream_private.pem IceCream_attr.der Chocolate_ID.pem
9 
10     pre-conditions: generate IceCream_ID.pem and IceCream_private.pem with
11             creddy --generate --cn IceCream
12                     generate Chocolate_ID.pem and Chocolate_private.pem with
13             creddy --generate --cn Chocolate
14 
15     This program will generate an attribute rule, write it out to an external
16             file and also load it into the context (prolog db)
17             [keyid:IceCream].delicious <- [Keyid:Chocolate]
18 
19     Then, a query is made against the context to see if it is populated correctly.
20 
21     Note: Chocolate's principal is loaded without it private key. It does not
22           need to because it is not being used to generate attribute credential
23 
24"""
25
26from sys import argv, exit
27from ABAC import Context
28from ABAC import ID, Attribute, Role
29
30debug=0
31
32## initial context
33ctxt = Context()
34
35print len(argv)
36
37if len(argv) != 5:
38    print "Usage: abac_attr.py <cert.pem> <key.pem> <attr.der> <pcert.pem>"
39    exit(1)
40
41# load the ID and its key
42id = None
43cid = None
44
45try:
46    id = ID(argv[1])
47    id.id_load_privkey_file(argv[2])
48    cid = ID(argv[4])
49except Exception, e:
50    print "Problem loading ID cert: %s" % e
51    exit(1)
52
53if debug :
54    print "before the load"
55    id.print_key_chunk()
56
57# load the id into the context
58ctxt.load_id_chunks(id.id_cert_chunk(), id.id_privkey_chunk())
59# another way to load the id into the context
60#ctxt.load_id(id)
61ctxt.load_id(cid)
62
63if debug :
64    print "after the load"
65    print "old,"
66    id.print_key_chunk()
67
68nid=ctxt.lookup_principal(id.id_keyid())
69if debug :
70    print "new,"
71    nid.print_key_chunk()
72
73out = ctxt.context_principals()
74print "\n...final principal set..."
75for x in out[1]:
76    print "%s " % x.string()
77
78
79# create an attribute cert
80# iceCream.delicous <- chocolate
81head= Role(id.id_keyid(),"delicious")
82tail= Role(cid.id_keyid())
83
84attr = Attribute(head, 1800)
85attr.attribute_add_tail(tail)
86attr.attribute_bake()
87
88# load attribute cert into the context
89ctxt.load_attribute_chunk(attr.cert_chunk())
90
91# another way to load the attribute cert into the context,
92# ctxt.load_attribute(attr)
93
94# yet another way to load the attribute cert into the context,
95attr.attribute_write_cert(argv[3])
96# ctxt.load_attribute_file(argv[3])
97
98# what is in prolog db
99# ctxt.dump_yap_db()
100
101# run a proof
102role = Role(id.id_keyid(),"delicious")
103p=Role(cid.id_keyid())
104
105out = ctxt.query(role, p)
106for c in out[1]:
107    print "%s <- %s" % (c.head_string(), c.tail_string())
108
Note: See TracBrowser for help on using the repository browser.