source: examples/example_scripts/python/abac_attr.py @ f89b991

mei_rt2
Last change on this file since f89b991 was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule
  • Property mode set to 100755
File size: 2.6 KB
Line 
1#!/usr/bin/env python
2
3"""
4     abac_attr.py
5
6     To demonstrate how to use ABAC's api in python
7 
8     call:   attr_abac IceCream_ID.pem IceCream_private.pem IceCream_attr.der Chocolate_ID.pem
9 
10     pre-conditions: generate IceCream_ID.pem and IceCream_private.pem with
11             creddy --generate --cn IceCream
12                     generate Chocolate_ID.pem and Chocolate_private.pem with
13             creddy --generate --cn Chocolate
14 
15     This program will generate an attribute rule, write it out to an external
16             file and also load it into the context (prolog db)
17             [keyid:IceCream].delicious <- [Keyid:Chocolate]
18 
19     Then, a query is made against the context to see if it is populated correctly.
20 
21     Note: Chocolate's principal is loaded without it private key. It does not
22           need to because it is not being used to generate attribute credential
23 
24"""
25
26from sys import argv, exit
27from ABAC import Context
28from ABAC import ID, Attribute, Role
29
30debug=0
31
32## initial context
33ctxt = Context()
34
35print len(argv)
36
37if len(argv) != 5:
38    print "Usage: abac_attr.py <cert.pem> <key.pem> <attr.der> <pcert.pem>"
39    exit(1)
40
41# load the ID and its key
42id = None
43cid = None
44
45try:
46    id = ID(argv[1])
47    id.id_load_privkey_file(argv[2])
48    cid = ID(argv[4])
49except Exception, e:
50    print "Problem loading ID cert: %s" % e
51    exit(1)
52
53if debug :
54    print "before the load"
55    id.print_key_chunk()
56
57# load the id into the context
58ctxt.load_id_chunks(id.id_cert_chunk(), id.id_privkey_chunk())
59# another way to load the id into the context
60ctxt.load_id(cid)
61#ctxt.load_id_chunks(cid.id_cert_chunk(), cid.id_privkey_chunk())
62
63if debug :
64    print "after the load"
65    print "old,"
66    id.print_key_chunk()
67
68nid=ctxt.lookup_principal(id.id_keyid())
69if debug :
70    print "new,"
71    nid.print_key_chunk()
72
73#out = ctxt.context_principals()
74#print "\n...final principal set..."
75#for x in out[1]:
76#    print "%s " % x.string()
77
78
79# create an attribute cert
80# iceCream.delicous <- chocolate
81head= Role(id.id_keyid(),"delicious")
82tail= Role(cid.id_keyid())
83
84attr = Attribute(head, 1800)
85attr.attribute_add_tail(tail)
86attr.attribute_bake()
87
88# load attribute cert into the context
89ctxt.load_attribute_chunk(attr.cert_chunk())
90
91# another way to load the attribute cert into the context,
92#ctxt.load_attribute(attr)
93
94# yet another way to load the attribute cert into the context,
95attr.attribute_write_cert(argv[3])
96# ctxt.load_attribute_file(argv[3])
97
98# what is in prolog db
99# ctxt.dump_yap_db()
100
101# run a proof
102role = Role(id.id_keyid(),"delicious")
103p=Role(cid.id_keyid())
104
105out = ctxt.query(role, p)
106for c in out[1]:
107    print "%s <- %s" % (c.head_string(), c.tail_string())
108
Note: See TracBrowser for help on using the repository browser.