source: examples/example_scripts/python/abac_attr.py @ ba6027a

Last change on this file since ba6027a was ba6027a, checked in by Mei <mei@…>, 12 years ago

1) modified code all around to add support for encrypted private key for ID credential

2) add new abac_key_t structure (abac_key.c)
3) add new keycheck option to creddy
4) add 2 new test suites

  • Property mode set to 100755
File size: 2.6 KB
#!/usr/bin/env python

"""
   abac_attr.py

   To demonstrate how to use ABAC's api in Python

   call:   abac_attr.py IceCream_ID.pem IceCream_private.pem IceCream_attr.der Chocolate_ID.pem

   pre-conditions: generate IceCream_ID.pem and IceCream_private.pem with
           creddy --generate --cn IceCream
                   generate Chocolate_ID.pem and Chocolate_private.pem with
           creddy --generate --cn Chocolate

   This program will generate an attribute rule, write it out to an external
           file and also load it into the context (prolog db)
           [keyid:IceCream].delicious <- [keyid:Chocolate]

   Then, a query is made against the context to see if it is populated correctly.

   Note: Chocolate's principal is loaded without its private key. It does not
         need one because it is not being used to generate an attribute credential

"""


from sys import argv, exit
from ABAC import Context
from ABAC import ID, Attribute, Role

debug = 0

## initial context
ctxt = Context()

if len(argv) != 5:
    print("Usage: abac_attr.py <cert.pem> <key.pem> <attr.der> <pcert.pem>")
    exit(1)

# load the issuer's ID and its private key; Chocolate's ID is loaded
# as a certificate only, since it never signs anything
id = None
try:
    id = ID(argv[1])
    id.id_load_privkey_file(argv[2])
    chocolate_id = ID(argv[4])
except Exception as e:
    print("Problem loading ID cert: %s" % e)
    exit(1)

if debug:
    print("before the load")
    id.print_key_chunk()

# load the id into the context
ctxt.load_id_chunks(id.id_cert_chunk(), id.id_privkey_chunk())
# another way to load the id into the context
#ctxt.load_id(id)
ctxt.load_id(chocolate_id)

if debug:
    print("after the load")
    print("old,")
    id.print_key_chunk()

nid = ctxt.lookup_principal(id.id_keyid())
if debug:
    print("new,")
    nid.print_key_chunk()

out = ctxt.context_principals()
print("\n...final principal set...")
for x in out[1]:
    print("%s " % x.string())


# create an attribute cert
# IceCream.delicious <- Chocolate
head = Role(id.id_keyid(), "delicious")
tail = Role(chocolate_id.id_keyid())

attr = Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()

# load attribute cert into the context
ctxt.load_attribute_chunk(attr.cert_chunk())

# another way to load the attribute cert into the context,
# ctxt.load_attribute(attr)

# yet another way to load the attribute cert into the context,
attr.attribute_write_cert(argv[3])
# ctxt.load_attribute_file(argv[3])

# what is in prolog db
# ctxt.dump_yap_db()

# run a proof: does Chocolate hold the role IceCream.delicious?
role = Role(id.id_keyid(), "delicious")
p = Role(chocolate_id.id_keyid())

out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
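
The rule and the proof query that this script hands to libabac can be followed without the library. The block below is an added example, not code from the repository: `issue` and `query` are hypothetical helpers, plain principal names stand in for key IDs, the `1800` validity is treated as seconds (an assumption), and it goes slightly beyond the script by also following role-to-role delegation.

```python
import time

class Credential(object):
    """Model of one attribute rule, head <- tail (not a libabac object)."""
    def __init__(self, head, tail, validity, now):
        self.head, self.tail = head, tail
        self.expires = now + validity      # assumption: validity is in seconds

def issue(store, keys_loaded, head, tail, validity, now=None):
    """Add head <- tail to store; only the head's issuer needs a private key."""
    now = time.time() if now is None else now
    issuer = head.split(".", 1)[0]
    if issuer not in keys_loaded:
        raise ValueError("no private key loaded for issuer %s" % issuer)
    cred = Credential(head, tail, validity, now)
    store.append(cred)
    return cred

def query(store, role, principal, now=None, _seen=None):
    """Return the credential chain proving principal holds role, or []."""
    now = time.time() if now is None else now
    seen = set() if _seen is None else _seen
    if role in seen:                       # guard against delegation cycles
        return []
    seen.add(role)
    for cred in store:
        if cred.head != role or cred.expires <= now:
            continue                       # wrong role, or credential expired
        if cred.tail == principal:
            return [cred]
        if "." in cred.tail:               # tail is itself a role: follow it
            rest = query(store, cred.tail, principal, now, seen)
            if rest:
                return [cred] + rest
    return []

def demo():
    # Constructed input mirroring the script: Chocolate's key is never loaded.
    store, keys = [], {"IceCream"}
    issue(store, keys, "IceCream.delicious", "Chocolate", 1800, now=0)
    fresh = query(store, "IceCream.delicious", "Chocolate", now=60)
    stale = query(store, "IceCream.delicious", "Chocolate", now=1800)
    return (["%s <- %s" % (c.head, c.tail) for c in fresh], stale)

if __name__ == "__main__":
    print(demo())
```

The subject of a rule (Chocolate) appears only as a name in the tail, which is why the script loads its certificate without a private key, while a rule whose head belongs to a principal with no loaded key is refused.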