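#!/usr/bin/env python
"""
abac_attr.py

Demonstrates how to use ABAC's API from Python.

call:   abac_attr.py IceCream_ID.pem IceCream_private.pem IceCream_attr.der Chocolate_ID.pem

pre-conditions:
    generate IceCream_ID.pem and IceCream_private.pem with
        creddy --generate --cn IceCream
    generate Chocolate_ID.pem and Chocolate_private.pem with
        creddy --generate --cn Chocolate

This program generates an attribute rule, writes it out to an external
file and also loads it into the context (prolog db):

    [keyid:IceCream].delicious <- [keyid:Chocolate]

Then a query is made against the context to check that it is populated
correctly.

Note: Chocolate's principal is loaded without its private key. It does not
need one because it is not used to generate the attribute credential.

The private key file (argv[2]) is the issuer's signing key: anyone who can
read it can issue attribute credentials in the issuer's name, so keep it
readable by its owner only. The file named by argv[3] is written by this
script.
"""

from sys import argv, exit

from ABAC import Context
from ABAC import ID, Attribute, Role

# Set to 1 to trace the issuer ID before and after it is loaded.
# NOTE(review): print_key_chunk() presumably dumps key material -- confirm,
# and keep this off wherever output is logged or shared.
debug = 0

## initial context
ctxt = Context()

if len(argv) != 5:
    print("Usage: abac_attr.py <issuer_ID.pem> <issuer_private.pem> "
          "<attr_out.der> <subject_ID.pem>")
    exit(1)

# load the issuer ID with its private key, and the subject ID (cert only)
try:
    issuer_id = ID(argv[1])
    issuer_id.id_load_privkey_file(argv[2])
    chocolate_id = ID(argv[4])
except Exception as e:
    print("Problem loading ID cert: %s" % e)
    exit(1)

if debug:
    print("before the load")
    issuer_id.print_key_chunk()

# load the issuer id (certificate and private key chunks) into the context
ctxt.load_id_chunks(issuer_id.id_cert_chunk(), issuer_id.id_privkey_chunk())

# another way to load the id into the context
# ctxt.load_id(issuer_id)

# the subject is loaded from its certificate alone
ctxt.load_id(chocolate_id)

if debug:
    print("after the load")
    print("old,")
    issuer_id.print_key_chunk()

nid = ctxt.lookup_principal(issuer_id.id_keyid())
if debug:
    print("new,")
    nid.print_key_chunk()

# context_principals() returns a pair; the principals are at index 1
out = ctxt.context_principals()
print("\n...final principal set...")
for x in out[1]:
    print("%s " % x.string())

# create an attribute cert
# iceCream.delicious <- chocolate
head = Role(issuer_id.id_keyid(), "delicious")
tail = Role(chocolate_id.id_keyid())
# 1800 is the validity argument of the credential.
# NOTE(review): presumably seconds -- confirm against the libabac version in
# use, and keep demo credentials short-lived.
attr = Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()

# load attribute cert into the context
ctxt.load_attribute_chunk(attr.cert_chunk())

# another way to load the attribute cert into the context,
# ctxt.load_attribute(attr)

# yet another way to load the attribute cert into the context,
attr.attribute_write_cert(argv[3])
# ctxt.load_attribute_file(argv[3])

# what is in prolog db
# ctxt.dump_yap_db()

# run a proof
role = Role(issuer_id.id_keyid(), "delicious")
p = Role(chocolate_id.id_keyid())
out = ctxt.query(role, p)

# query() returns a pair: the credentials are at index 1 and index 0 is taken
# to be the success flag (NOTE(review): confirm against the binding in use).
# Credentials returned alongside a failed query are not a proof, so they must
# not be printed as one.
if not out[0]:
    print("Query failed: the context does not prove the requested role")
    exit(1)

for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))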