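#!/usr/bin/env python
"""
abac_attr.py

Demonstrate how to use ABAC's API from Python.

call:   abac_attr.py IceCream_ID.pem IceCream_private.pem IceCream_attr.der Chocolate_ID.pem

pre-conditions:
    generate IceCream_ID.pem and IceCream_private.pem with
        creddy --generate --cn IceCream
    generate Chocolate_ID.pem and Chocolate_private.pem with
        creddy --generate --cn Chocolate

This program generates an attribute rule, writes it out to an external
file and also loads it into the context (prolog db):

    [keyid:IceCream].delicious <- [keyid:Chocolate]

Then a query is made against the context to see whether it is populated
correctly.

Note: Chocolate's principal is loaded without its private key. It does not
need one because it is not used to generate the attribute credential; only
IceCream, the principal at the head of the rule, has its key loaded.
"""

# print(...) with a single argument and "except ... as" behave the same on
# Python 2.6+ and Python 3, so the script no longer depends on Python 2-only
# syntax.
from sys import argv, exit
from ABAC import Context
from ABAC import ID, Attribute, Role

# Set to 1 to trace the ID before and after it is loaded into the context.
# NOTE(review): print_key_chunk() presumably dumps the loaded key chunk, so
# keep this off wherever stdout is captured or logged - confirm what it prints.
debug = 0

## initial context
ctxt = Context()

if debug:
    print(len(argv))

if len(argv) != 5:
    # Argument names are descriptive placeholders matching the call shown in
    # the module docstring.
    print("Usage: abac_attr.py <issuer_ID.pem> <issuer_private.pem> "
          "<attr_out.der> <subject_ID.pem>")
    exit(1)

# load the issuer ID with its private key; the subject ID is certificate-only
issuer = None
subject = None
try:
    issuer = ID(argv[1])
    issuer.id_load_privkey_file(argv[2])
    subject = ID(argv[4])
except Exception as e:
    print("Problem loading ID cert: %s" % e)
    exit(1)

if debug:
    print("before the load")
    issuer.print_key_chunk()

# load the id into the context
ctxt.load_id_chunks(issuer.id_cert_chunk(), issuer.id_privkey_chunk())

# another way to load the id into the context
ctxt.load_id(subject)
#ctxt.load_id_chunks(subject.id_cert_chunk(), subject.id_privkey_chunk())

if debug:
    print("after the load")
    print("old,")
    issuer.print_key_chunk()

nid = ctxt.lookup_principal(issuer.id_keyid())
if debug:
    print("new,")
    nid.print_key_chunk()

#out = ctxt.context_principals()
#print "\n...final principal set..."
#for x in out[1]:
#    print "%s " % x.string()

# create an attribute cert
#     iceCream.delicious <- chocolate
head = Role(issuer.id_keyid(), "delicious")
tail = Role(subject.id_keyid())
# NOTE(review): 1800 is the validity handed to Attribute; presumably seconds -
# confirm against the libabac version in use and keep demo credentials
# short-lived.
attr = Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()

# load attribute cert into the context
ctxt.load_attribute_chunk(attr.cert_chunk())

# another way to load the attribute cert into the context,
#ctxt.load_attribute(attr)

# yet another way to load the attribute cert into the context,
# the cert is written to the caller-supplied path argv[3]
attr.attribute_write_cert(argv[3])
# ctxt.load_attribute_file(argv[3])

# what is in prolog db
# ctxt.dump_yap_db()

# run a proof
role = Role(issuer.id_keyid(), "delicious")
p = Role(subject.id_keyid())
out = ctxt.query(role, p)

# NOTE(review): out is treated as (success, credentials); out[1] is what the
# original iterated, and out[0] is presumably the success flag - confirm
# against the binding. The decision lives in that flag: credentials can
# apparently be returned for a failed query too, so printing them alone does
# not show that the role was proven.
success = out[0]
credentials = out[1]

for c in credentials:
    print("%s <- %s" % (c.head_string(), c.tail_string()))

if not success:
    print("query failed: the credentials above do not prove the role")
    exit(1)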