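#!/usr/bin/env python
"""
abac_e_attr.py

Demonstrates ABAC's Python API with a principal credential whose private
key is stored encrypted.

call:   abac_e_attr.py Soda_ID.pem Soda_private.pem Soda_attr.der pfile Cream_ID.pem

pre-conditions:
    generate Soda_ID.pem and Soda_private.pem with
        creddy --generate --cn Soda
    generate Cream_ID.pem and Cream_private.pem with
        creddy --generate --cn Cream
    generate passphrase file
    generate a private key using openssl

This program generates an attribute rule, writes it out to an external
file and also loads it into the context (prolog db):

    [keyid:Soda].delicious <- [keyid:Cream]

Then a query is made against the context to see if it is populated
correctly.

Note: Cream's principal is loaded without its private key. It does not
need one because it is not used to generate the attribute credential.

Handling of secrets: pfile is the passphrase input for Soda_private.pem
(presumably a file holding the passphrase -- confirm against the ABAC
binding). Keep pfile and the private key readable by their owner only and
out of version control; anyone holding both can issue attributes as Soda.
"""

from sys import argv, exit
from ABAC import Context
from ABAC import ID, Attribute, Role

# Leave at 0 outside local testing: the debug paths call print_key_chunk(),
# which presumably writes private-key material to stdout -- confirm before
# enabling anywhere output is captured or logged.
debug = 0

## initial context
ctxt = Context()

if len(argv) != 6:
    print("Usage: abac_e_attr.py <id_cert.pem> <encrypted_privkey.pem> "
          "<attr_out.der> <passphrase_file> <other_id_cert.pem>")
    exit(1)

id_cert_path, privkey_path, attr_out_path, pfile, cream_cert_path = argv[1:6]

# load the ID and its key
# (named soda_id rather than id so the builtin id() is not shadowed)
try:
    soda_id = ID(id_cert_path)
    # The private key is encrypted on disk; pfile supplies the passphrase.
    soda_id.id_load_encrypted_privkey_file(privkey_path, pfile)
    # Cream only appears as the tail of the rule, so its cert alone is enough.
    cream_id = ID(cream_cert_path)
except Exception as e:
    print("Problem loading ID cert: %s" % e)
    exit(1)

# NOTE(review): the nesting of the debug statements below was reconstructed
# from a listing that had lost its line breaks -- confirm against upstream.
if debug:
    print("before the load")
    soda_id.print_key_chunk()

# load the id into the context
ctxt.load_id_encrypted_chunks(soda_id.id_cert_chunk(),
                              soda_id.id_privkey_chunk(), pfile)

# another way to load the id into the context
ctxt.load_id(cream_id)

if debug:
    print("after the load")
    print("old,")
    soda_id.print_key_chunk()

nid = ctxt.lookup_principal(soda_id.id_keyid())
if debug:
    print("new,")
    nid.print_key_chunk()

# Only out[1] is used here; out[0] is not inspected (presumably a status or
# count -- confirm against the ABAC binding).
out = ctxt.context_principals()
print("\n...final principal set...")
for x in out[1]:
    print("%s " % x.string())

# create an attribute cert
head = Role(soda_id.id_keyid(), "delicious")
tail = Role(cream_id.id_keyid())
# 1800 is the validity argument; its unit is not visible in this file
# (presumably seconds -- confirm). A short validity bounds how long a
# mistakenly issued delegation remains usable.
attr = Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()

# load attribute cert into the context
ctxt.load_attribute_chunk(attr.cert_chunk())

# another way to load the attribute cert into the context,
# ctxt.load_attribute(attr)

# yet another way to load the attribute cert into the context,
# The output path is taken verbatim from the command line; an existing file
# at that path is presumably overwritten -- confirm.
attr.attribute_write_cert(attr_out_path)
# ctxt.load_attribute_file(attr_out_path)

# what is in prolog db
# ctxt.dump_yap_db()

# run a proof
role = Role(soda_id.id_keyid(), "delicious")
p = Role(cream_id.id_keyid())
out = ctxt.query(role, p)
# NOTE(review): out[0] is never checked. If it is the proof's success flag
# (presumably -- confirm), code derived from this example must test it before
# granting access: a printed credential chain is not by itself evidence that
# the query succeeded.
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))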