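#!/bin/sh
#
# Builds a small RT0 credential set with creddy so the query
#   alpha.read(fileA) <-?- Bob
# can be exercised through a delegation chain that passes a constrained
# role, alpha.managerOf(?E:alpha.ownerOf(?F)).
#
# Requires: creddy on PATH.
# Writes:   *_ID.pem, *_private.pem and *_attr.der into the current directory.
#
# The cleanup below removes EVERY *.der and *.pem file in the working
# directory, including unrelated private keys -- run this from a dedicated
# scratch directory.
set -eu

command -v creddy >/dev/null 2>&1 || {
  printf 'creddy not found in PATH\n' >&2
  exit 1
}

rm -rf -- *.der *.pem

# alpha.read(fileA) <-?- Bob
#[keyid:Alpha].role:read([urn:'file://fileA']) <-?- [keyid:Bob] (yes)
#[keyid:Alpha].role:read([urn:'file://fileA']) <-?- [keyid:Maryann] (yes)
# NOTE(review): no credential issued in this file names Maryann, so the
# "(yes)" expected for her cannot follow from these credentials alone --
# confirm against the prover's test expectations.

# Identity certificates (and matching private keys) for the four principals.
creddy --generate --cn Alpha
creddy --generate --cn Bob
creddy --generate --cn Maryann
creddy --generate --cn Joe

# Key identifiers, used to name principals inside the role strings below.
# Under set -e a failing creddy call aborts here instead of leaving an empty
# keyid that would be silently embedded in a role.
alpha_keyid=$(creddy --keyid --cert Alpha_ID.pem)
# shellcheck disable=SC2034 -- kept alongside the others for ad-hoc use
bob_keyid=$(creddy --keyid --cert Bob_ID.pem)
# shellcheck disable=SC2034 -- kept alongside the others for ad-hoc use
maryann_keyid=$(creddy --keyid --cert Maryann_ID.pem)
joe_keyid=$(creddy --keyid --cert Joe_ID.pem)

# Role strings; the keyids are spliced in verbatim.
# shellcheck disable=SC2034 -- not issued below, kept for reference
read_fileA="read([urn:'file://fileA'])"
managerof_joe="managerOf([keyid:$joe_keyid])"
ownerof_fileA="ownerOf([urn:'file://fileA'])"
managerof_qE="managerOf([principal:?E[keyid:$alpha_keyid].role:ownerOf([urn:?F])])"

# alpha.read(?F) <- alpha.managerOf(?E:alpha.ownerOf(?F))
# [keyid:alpha].role:read([urn:?F])<-
#   [keyid:alpha].role:managerOf([principal:?E[keyid:alpha].role:ownerOf([urn:?F])]
creddy --attribute \
  --issuer Alpha_ID.pem --key Alpha_private.pem --role "read([urn:?F])" \
  --subject-cert Alpha_ID.pem --subject-role "$managerof_qE" \
  --out Alpha_read_qF__alpha_managerof_qE_attr.der

#[keyid:Alpha].role:managerOf([keyid:Joe]) <- [keyid:Bob]
creddy --attribute \
  --issuer Alpha_ID.pem --key Alpha_private.pem --role "$managerof_joe" \
  --subject-cert Bob_ID.pem \
  --out Alpha_managerof_Joe__Bob_attr.der

#[keyid:Alpha].role:ownerOf([urn:'file://fileA']) <- [keyid:Joe]
creddy --attribute \
  --issuer Alpha_ID.pem --key Alpha_private.pem --role "$ownerof_fileA" \
  --subject-cert Joe_ID.pem \
  --out Alpha_ownerof_fileA__Joe_attr.der

####################################################################################
# note:
#
# alpha.read(?F) <- alpha.manager(?E:alpha.owner(?F))
# [keyid:alpha].role:read([urn:?F])<-
#   [keyid:alpha].role:manager([principal:?E[keyid:alpha].role:owner([urn:?F])])
#
# alpha.read(?F) <- alpha.manager(?E)
# and alpha.owner(?F) <- ?E
#
# [keyid:alpha].role:read([urn:?F])<-[keyid:?M]
# [keyid:alpha].role:manager([principal:?E])<-[keyid:?M]
# [keyid:alpha].role:owner([urn:?F])<-[keyid:?E]
#
# isMember(M,role(alpha,read,F)) :-
#   isMember(M, role(alpha,manager,E)),
#   isMember(E, role(alpha,owner,F))   <-- constraining rule
#
# alpha.read(?F) <- alpha.manager(?E)
# alpha.owner(?F) <- ?E
#
# A condition like this,
#   ?E:A.r
# needs to be translated into the constraining rule A.r<-?E.
#
# query,
#   alpha.read(fileA) <-?- Bob
# needs
#   alpha.manager(Joe)<-Bob
#   alpha.owner(fileA)<-Joe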