source: examples/example_scripts/python/abac_e_attr.py @ 4e10a0f

abac0-leakabac0-meimei-idmei-rt0-nmei_rt0tvf-new-xml
Last change on this file since 4e10a0f was 4721618, checked in by Mei <mei@…>, 12 years ago

1) tested out python and perl test scripts along with

abac_chunk_t calls in libabac's abac.hh

  • Property mode set to 100755
File size: 2.4 KB
Line 
1#!/usr/bin/env python
2
3"""
4   abac_e_attr.py
5
6   To demonstrate how to use ABAC's api in python with principal credential that uses
7   encrypted private key
8
9   call:   attr_e_abac Soda_ID.pem Soda_private.pem Soda_attr.der pfile Cream_ID.pem
10
11   pre-conditions: make a passpphrase file and
12                   generate a Soda_private.pem with passphrase with openssl
13                   generate Soda_ID.pem with creddy with supplied private key
14                   generate Cream_ID.pem and clear Cream_private.pem with
15                          creddy --generate --cn Cream
16
17   This program will generate an attribute rule, write it out to an external
18           file and also load it into the context
19           Soda.delicious <- Cream
20
21   Then, a query is made against the context to see if it is populated correctly.
22
23   Note: Cream's principal is loaded without it private key. It does not
24         need to because it is not being used to generate attribute credential
25
26"""
27
28
29
30
31from sys import argv, exit
32from ABAC import Context
33from ABAC import ID, Attribute, Role
34
35debug=0
36
37## initial context
38ctxt = Context()
39
40if len(argv) != 6:
41    print "Usage: abac_attr.py <cert.pem> <key.pem> <attr.xml> <pfile> <c_cert.pem>"
42    exit(1)
43
44# load the ID and its key
45id = None
46try:
47    id = ID(argv[1])
48    id.load_privkey(argv[2])
49    cream_id = ID(argv[5])
50except Exception, e:
51    print "Problem loading ID cert: %s" % e
52    exit(1)
53
54# load the id into the context
55ctxt.load_id_chunk(id.cert_chunk())
56# another way to load the id into the context
57# ctxt.load_id(cream_id), not implemented
58ctxt.load_id_chunk(cream_id.cert_chunk())
59
60# create an attribute cert
61attr = Attribute(id, "delicious", 1000)
62attr.principal(cream_id.keyid())
63attr.bake()
64
65# load attribute cert into the context
66ctxt.load_attribute_chunk(attr.cert_chunk())
67
68# another way to load the attribute cert into the context,
69# ctxt.load_attribute(attr)
70
71# yet another way to load the attribute cert into the context,
72attr.write_file(argv[3])
73# ctxt.load_attribute_file(argv[3])
74
75print '---------'
76(credentials) = ctxt.credentials()
77for credential in credentials:
78    print "credential %s <- %s" % (credential.head().string(), credential.tail().string())
79print '---------'
80
81
82(success, credentials) = ctxt.query("%s.delicious" % id.keyid(), cream_id.keyid())
83if success:
84    print "success!"
85for credential in credentials:
86    print "credential %s <- %s" % (credential.head().string(), credential.tail().string())
87
Note: See TracBrowser for help on using the repository browser.