source: examples/example_scripts/python/abac_e_attr.py @ ba6027a

Last change on this file since ba6027a was ba6027a, checked in by Mei <mei@…>, 12 years ago

1) modified code all around to add support for encrypted private key for ID credential

2) add new abac_key_t structure (abac_key.c)
3) add new keycheck option to creddy
4) add 2 new test suites

  • Property mode set to 100755
File size: 2.7 KB
#!/usr/bin/env python

"""
   abac_e_attr.py

   To demonstrate how to use ABAC's API in Python with a principal credential
   that uses an encrypted private key

   call:   abac_e_attr.py Soda_ID.pem Soda_private.pem Soda_attr.der pfile Cream_ID.pem

   pre-conditions: generate Soda_ID.pem and Soda_private.pem with
                       creddy --generate --cn Soda
                   generate Cream_ID.pem and Cream_private.pem with
                       creddy --generate --cn Cream
                   generate passphrase file
                   generate a private key using openssl

   This program will generate an attribute rule, write it out to an external
           file and also load it into the context (prolog db)
           [keyid:Soda].delicious <- [keyid:Cream]

   Then, a query is made against the context to see if it is populated correctly.

   Note: Cream's principal is loaded without its private key. It does not
         need one because it is not used to generate the attribute credential
"""

from sys import argv, exit
from ABAC import Context
from ABAC import ID, Attribute, Role

debug = 0

## initial context
ctxt = Context()

if len(argv) != 6:
    print("Usage: abac_e_attr.py <cert.pem> <key.pem> <attr.der> <pfile> <c_cert.pem>")
    exit(1)

# load the ID and its key
# argv[2] is the encrypted private key, argv[4] the passphrase file
id = None
try:
    id = ID(argv[1])
    id.id_load_encrypted_privkey_file(argv[2], argv[4])
    cream_id = ID(argv[5])
except Exception as e:
    print("Problem loading ID cert: %s" % e)
    exit(1)

if debug:
    print("before the load")
    id.print_key_chunk()

# load the id into the context
ctxt.load_id_encrypted_chunks(id.id_cert_chunk(), id.id_privkey_chunk(), argv[4])
# another way to load the id into the context
ctxt.load_id(cream_id)

if debug:
    print("after the load")
    print("old,")
    id.print_key_chunk()

nid = ctxt.lookup_principal(id.id_keyid())
if debug:
    print("new,")
    nid.print_key_chunk()

out = ctxt.context_principals()
print("\n...final principal set...")
for x in out[1]:
    print("%s " % x.string())


# create an attribute cert
head = Role(id.id_keyid(), "delicious")
tail = Role(cream_id.id_keyid())

attr = Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()

# load attribute cert into the context
ctxt.load_attribute_chunk(attr.cert_chunk())

# another way to load the attribute cert into the context,
# ctxt.load_attribute(attr)

# yet another way to load the attribute cert into the context,
attr.attribute_write_cert(argv[3])
# ctxt.load_attribute_file(argv[3])

# what is in prolog db
# ctxt.dump_yap_db()

# run a proof
role = Role(id.id_keyid(), "delicious")
p = Role(cream_id.id_keyid())

out = ctxt.query(role, p)
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
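A pre-flight check that could be run on the `<key.pem>` and `<pfile>` arguments before the script above loads them. This is an added example, not part of abac_e_attr.py or the ABAC project. The function names are hypothetical, it assumes Python 3 and POSIX file permissions, and it inspects PEM headers only, without decrypting the key.

```python
# Added example, not part of abac_e_attr.py or the ABAC library.
# Hypothetical helpers; Python 3, POSIX permissions assumed.
import os
import stat
import sys

ENCRYPTED_MARKERS = (
    "-----BEGIN ENCRYPTED PRIVATE KEY-----",  # PKCS#8 encrypted key
    "Proc-Type: 4,ENCRYPTED",                 # traditional OpenSSL PEM header
)


def key_is_encrypted(key_path):
    """True if the PEM file carries an encrypted-key marker (header check only)."""
    with open(key_path, "r", errors="replace") as fh:
        text = fh.read()
    return any(marker in text for marker in ENCRYPTED_MARKERS)


def secret_file_problems(path):
    """Reasons why `path` should not be trusted as a passphrase file."""
    st = os.lstat(path)  # lstat so a symlink is reported, not followed
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("is not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("is accessible to group/other (want mode 0600 or 0400)")
    if st.st_uid != os.getuid():
        problems.append("is not owned by the current user")
    return problems


def preflight(key_path, pass_path):
    """Problems found for the <key.pem> and <pfile> arguments of the script."""
    problems = ["%s %s" % (pass_path, p) for p in secret_file_problems(pass_path)]
    if not key_is_encrypted(key_path):
        problems.append("%s is not passphrase-protected" % key_path)
    return problems


if __name__ == "__main__":
    # Same argument order as abac_e_attr.py: argv[2] is the key, argv[4] the pfile.
    found = preflight(sys.argv[2], sys.argv[4])
    for line in found:
        print("WARNING: " + line)
    sys.exit(1 if found else 0)
```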