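#!/usr/bin/env python
"""
  abac_e_attr.py

  To demonstrate how to use ABAC's api in python with a principal credential
  that uses an encrypted private key

  call:   attr_e_abac Soda_ID.pem Soda_private.pem Soda_attr.der pfile Cream_ID.pem

  pre-conditions: generate Soda_ID.pem and Soda_private.pem with
           creddy --generate --cn Soda
           generate Chocolate_ID.pem and Chocolate_private.pem with
           creddy --generate --cn Cream
           generate passphrase file
           generate a private key using openssl

  This program will generate an attribute rule, write it out to an external
  file and also load it into the context (prolog db)
        [keyid:Soda].delicious <- [Keyid:Chocolate]

  Then, a query is made against the context to see if it is populated
  correctly.

  Note: Cream's principal is loaded without its private key. It does not
        need one because it is not being used to generate the attribute
        credential.

  NOTE(review): the text above mixes "Chocolate" and "Cream" for the second
  principal; the command line shown uses Cream_ID.pem.

  Arguments, in order:
      argv[1]  issuer ID certificate (e.g. Soda_ID.pem)
      argv[2]  issuer private key, encrypted (e.g. Soda_private.pem)
      argv[3]  output file for the generated attribute certificate
      argv[4]  passphrase file used to decrypt the private key
      argv[5]  ID certificate of the principal placed in the rule's tail
"""

from sys import argv, exit
from ABAC import Context
from ABAC import ID, Attribute, Role

# Set to a true value only for local troubleshooting.
# NOTE(review): print_key_chunk() presumably dumps key material to stdout;
# confirm against the ABAC bindings before enabling this where output is
# logged or shared.
debug = 0

## initial context
ctxt = Context()

if len(argv) != 6:
    # The original usage line listed no arguments at all; spell them out so
    # the passphrase file and the output path cannot be swapped by guesswork.
    print("Usage: %s <id_cert.pem> <id_privkey.pem> <attr_out.der> "
          "<passphrase_file> <other_id_cert.pem>" % argv[0])
    exit(1)

# load the ID and its key
# argv[4] names the passphrase file that protects the private key; it should
# be readable only by the account that runs this script.
# ('issuer_id' instead of 'id' so the builtin id() is not shadowed.)
try:
    issuer_id = ID(argv[1])
    issuer_id.id_load_encrypted_privkey_file(argv[2], argv[4])
    cream_id = ID(argv[5])
except Exception as e:  # 'as' form is valid on Python 2.6+ and Python 3
    print("Problem loading ID cert: %s" % e)
    exit(1)

if debug:
    print("before the load")
    issuer_id.print_key_chunk()

# load the id into the context
ctxt.load_id_encrypted_chunks(issuer_id.id_cert_chunk(),
                              issuer_id.id_privkey_chunk(), argv[4])
# another way to load the id into the context
# (cream_id carries no private key: it only appears in the rule's tail)
ctxt.load_id(cream_id)

if debug:
    print("after the load")
    print("old,")
    issuer_id.print_key_chunk()

nid = ctxt.lookup_principal(issuer_id.id_keyid())
if debug:
    print("new,")
    nid.print_key_chunk()

out = ctxt.context_principals()
print("\n...final principal set...")
for x in out[1]:
    print("%s " % x.string())

# create an attribute cert
head = Role(issuer_id.id_keyid(), "delicious")
tail = Role(cream_id.id_keyid())
# NOTE(review): 1800 is presumably the validity period of the credential
# (seconds?) -- confirm the unit against the ABAC API before reusing it.
attr = Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()

# load attribute cert into the context
ctxt.load_attribute_chunk(attr.cert_chunk())
# another way to load the attribute cert into the context,
# ctxt.load_attribute(attr)
# yet another way to load the attribute cert into the context,
attr.attribute_write_cert(argv[3])
# ctxt.load_attribute_file(argv[3])

# what is in prolog db
# ctxt.dump_yap_db()

# run a proof
role = Role(issuer_id.id_keyid(), "delicious")
p = Role(cream_id.id_keyid())
out = ctxt.query(role, p)
# NOTE(review): out[0] is never inspected. If it is the query's success flag
# (presumably -- confirm against the ABAC bindings), the credentials printed
# below are not by themselves evidence that the proof succeeded; an
# authorization decision must be based on that flag, not on a non-empty list.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))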