1 | #!/usr/bin/env python |
---|
2 | |
---|
3 | """ |
---|
4 | abac_attr.py |
---|
5 | |
---|
6 | To demonstrate how to use ABAC's api in python |
---|
7 | |
---|
8 | call: attr_abac IceCream_ID.pem IceCream_private.pem IceCream_attr.xml Chocolate_ID.pem |
---|
9 | |
---|
10 | pre-conditions: generate IceCream_ID.pem and IceCream_private.pem with |
---|
11 | creddy --generate --cn IceCream |
---|
12 | generate Chocolate_ID.pem and Chocolate_private.pem with |
---|
13 | creddy --generate --cn Chocolate |
---|
14 | |
---|
15 | This program will generate an attribute rule, write it out to an external |
---|
16 | file and also load it into the context (prolog db) |
---|
17 | IceCream.delicious <- Chocolate |
---|
18 | |
---|
19 | Then, a query is made against the context to see if it is populated correctly. |
---|
20 | |
---|
21 | Note: Chocolate's principal is loaded without it private key. It does not |
---|
22 | need to because it is not being used to generate attribute credential |
---|
23 | |
---|
24 | """ |
---|
25 | |
---|
26 | from sys import argv, exit |
---|
27 | from ABAC import Context |
---|
28 | from ABAC import ID, Attribute, Role |
---|
29 | |
---|
30 | debug=0 |
---|
31 | |
---|
32 | ## initial context |
---|
33 | ctxt = Context() |
---|
34 | |
---|
35 | print len(argv) |
---|
36 | |
---|
37 | if len(argv) != 5: |
---|
38 | print "Usage: abac_attr.py <cert.pem> <key.pem> <attr.xml> <pcert.pem>" |
---|
39 | exit(1) |
---|
40 | |
---|
41 | # load the ID and its key |
---|
42 | id = None |
---|
43 | cid = None |
---|
44 | |
---|
45 | try: |
---|
46 | id = ID(argv[1]) |
---|
47 | id.load_privkey(argv[2]) |
---|
48 | cid = ID(argv[4]) |
---|
49 | except Exception, e: |
---|
50 | print "Problem loading ID cert: %s" % e |
---|
51 | exit(1) |
---|
52 | |
---|
53 | # load the id into the context |
---|
54 | ctxt.load_id_chunk(id.cert_chunk()) |
---|
55 | # another way to load the id into the context |
---|
56 | #XXX not implemented yet...ctxt.load_id(cid) |
---|
57 | ctxt.load_id_chunk(cid.cert_chunk()) |
---|
58 | |
---|
59 | #out = ctxt.credentials() |
---|
60 | #print "\n...final principal set..." |
---|
61 | #for x in out[1]: |
---|
62 | # print "%s " % x.string() |
---|
63 | |
---|
64 | # create an attribute cert |
---|
65 | # iceCream.delicous <- chocolate |
---|
66 | attr = Attribute(id, "delicious", 1000) |
---|
67 | attr.principal(cid.keyid()) |
---|
68 | attr.bake() |
---|
69 | |
---|
70 | # load attribute cert into the context |
---|
71 | ctxt.load_attribute_chunk(attr.cert_chunk()) |
---|
72 | |
---|
73 | # another way to load the attribute cert into the context, |
---|
74 | # not implemented, ctxt.load_attribute(attr) |
---|
75 | |
---|
76 | # yet another way to load the attribute cert into the context, |
---|
77 | attr.write_file(argv[3]) |
---|
78 | # ctxt.load_attribute_file(argv[3]) |
---|
79 | |
---|
80 | # run a proof |
---|
81 | (success, credentials) = ctxt.query("%s.delicious" % id.keyid(), cid.keyid()) |
---|
82 | |
---|
83 | if success: |
---|
84 | print "success!" |
---|
85 | |
---|
86 | for credential in credentials: |
---|
87 | print "credential %s <- %s" % (credential.head().string(), credential.tail().string()) |
---|
88 | |
---|
89 | |
---|