Context Navigation

query.py @ 20eaefe

mei_rt2mei_rt2_fix_1

Last change on this file since 20eaefe was ba6027a, checked in by Mei <mei@…>, 12 years ago

1) modified code all around to add support for encrypted private key for

ID credential

2) add new abac_key_t structure (abac_key.c)
3) add new keycheck option to creddy
4) add 2 new test suites

Property mode set to 100755

File size: 2.7 KB

Rev	Line
[ba6027a]	1	#!/usr/bin/env python
	2
	3	"""
	4	Run the queries described in README
	5
	6	cmd1:env keystore=`pwd` ./query.py
	7	cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py
	8
	9	"""
	10
	11	import os
	12	import ABAC
	13
	14	ctxt = ABAC.Context()
	15
	16	# Keystore is the directory containing the principal credentials.
	17	# Load existing principals and/or policy credentials
	18	if (os.environ.has_key("keystore")) :
	19	keystore=os.environ["keystore"]
	20	ctxt.load_directory(keystore)
	21	else:
	22	print("keystore is not set...")
	23	exit(1)
	24
	25	# retrieve principals' keyid value from local credential files
	26	acmeID=ABAC.ID("Acme_ID.pem");
	27	acmeID.id_load_privkey_file("Acme_private.pem");
	28	acme=acmeID.id_keyid()
	29
	30	coyoteID=ABAC.ID("Coyote_ID.pem");
	31	coyoteID.id_load_privkey_file("Coyote_private.pem");
	32	coyote=coyoteID.id_keyid()
	33
	34	##########################################################################
	35	# dump the loaded principals/policies
	36	#
	37	out = ctxt.context_principals()
	38	print "\n...final principal set..."
	39	for x in out[1]:
	40	print "%s " % x.string()
	41	out = ctxt.context_credentials()
	42	print "\n...final policy attribute set..."
	43	for c in out[1]:
	44	print "%s <- %s" % (c.head_string(), c.tail_string())
	45
	46	##########################################################################
	47	# is coyote a preferred_customer of Acme ?
	48	# role=[keyid:Acme].role:preferred_customer
	49	# p =[keyid:coyote]
	50	role = ABAC.Role(acme,"preferred_customer")
	51	p = ABAC.Role(coyote)
	52	print "\n===good============ Acme.preferred_customer <- Coyote"
	53	out = ctxt.query(role, p)
	54	for c in out[1]:
	55	print "%s <- %s" % (c.head_string(), c.tail_string())
	56
	57	##########################################################################
	58	# can coyote buy rockets from Acme ?
	59	# role=[keyid:Acme].role:buy_rockets
	60	# p =[keyid:coyote]
	61	role = ABAC.Role(acme,"buy_rockets")
	62	p = ABAC.Role(coyote)
	63	print "\n===good============ Acme.buy_rockets <- Coyote"
	64	out = ctxt.query(role, p)
	65	for c in out[1]:
	66	print "%s <- %s" % (c.head_string(), c.tail_string())
	67
	68
	69	##########################################################################
	70	# is Acme a friend of coyote ?
	71	# role=[keyid:Coyote].role:friend
	72	# p=[keyid:Acme]
	73	role = ABAC.Role(coyote,"friend")
	74	p = ABAC.Role(acme)
	75	print "\n===bad=============== Coyote.friend <- Acme"
	76	out = ctxt.query(role, p)
	77	for c in out[1]:
	78	print "%s <- %s" % (c.head_string(), c.tail_string())
	79
	80	##########################################################################
	81	# using complex role to ask a question.. expecting to fail
	82	# role=[keyid:Acme].role:buy_rockets
	83	# p=[keyid:Acme].role:preferred_customer
	84	role = ABAC.Role(acme,"buy_rockets")
	85	p = ABAC.Role(acme,"preferred_customer")
	86	print "\n===bad=============== Acme.buy_rockets <- Acme.preferred_customer"
	87	out = ctxt.query(role, p)
	88	for c in out[1]:
	89	print "%s <- %s" % (c.head_string(), c.tail_string())
	90
	91
	92

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: examples/passphrase_tests/python/acme_rockets_rt0/query.py @ 20eaefe

Download in other formats: