source: examples/passphrase_tests/python/acme_rockets_rt0_hand/query.py @ 20eaefe

mei_rt2mei_rt2_fix_1
Last change on this file since 20eaefe was ba6027a, checked in by Mei <mei@…>, 12 years ago

1) modified code all around to add support for encrypted private key for

ID credential

2) add new abac_key_t structure (abac_key.c)
3) add new keycheck option to creddy
4) add 2 new test suites

  • Property mode set to 100755
File size: 2.7 KB
Line 
1#!/usr/bin/env python
2
3"""
4Run the queries described in README
5
6cmd1:env keystore=`pwd` ./query.py
7cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py
8
9"""
10
11import os
12import ABAC
13
14ctxt = ABAC.Context()
15
16# Keystore is the directory containing the principal credentials.
17# Load existing principals and/or policy credentials
18if (os.environ.has_key("keystore")) :
19    keystore=os.environ["keystore"]
20    ctxt.load_directory(keystore)
21else:
22    print("keystore is not set...")
23    exit(1)
24
25# retrieve principals' keyid value from local credential files
26acmeID=ABAC.ID("Acme_ID.pem");
27acmeID.id_load_privkey_file("Acme_private.pem");
28acme=acmeID.id_keyid()
29
30coyoteID=ABAC.ID("Coyote_ID.pem");
31coyoteID.id_load_privkey_file("Coyote_private.pem");
32coyote=coyoteID.id_keyid()
33
34##########################################################################
35# dump the loaded principals/policies
36#
37out = ctxt.context_principals()
38print "\n...final principal set..."
39for x in out[1]:
40    print "%s " % x.string()
41out = ctxt.context_credentials()
42print "\n...final policy attribute set..."
43for c in out[1]:
44    print "%s <- %s" % (c.head_string(), c.tail_string())
45
46##########################################################################
47# is coyote a preferred_customer of Acme ?
48# role=[keyid:Acme].role:preferred_customer
49# p =[keyid:coyote]
50role = ABAC.Role(acme,"preferred_customer")
51p = ABAC.Role(coyote)
52print "\n===good============ Acme.preferred_customer <- Coyote"
53out = ctxt.query(role, p)
54for c in out[1]:
55    print "%s <- %s" % (c.head_string(), c.tail_string())
56
57##########################################################################
58# can coyote buy rockets from Acme ?
59# role=[keyid:Acme].role:buy_rockets
60# p =[keyid:coyote]
61role = ABAC.Role(acme,"buy_rockets")
62p = ABAC.Role(coyote)
63print "\n===good============ Acme.buy_rockets <- Coyote"
64out = ctxt.query(role, p)
65for c in out[1]:
66    print "%s <- %s" % (c.head_string(), c.tail_string())
67
68
69##########################################################################
70# is Acme a friend of coyote ?
71# role=[keyid:Coyote].role:friend
72# p=[keyid:Acme]
73role = ABAC.Role(coyote,"friend")
74p = ABAC.Role(acme)
75print "\n===bad=============== Coyote.friend <- Acme"
76out = ctxt.query(role, p)
77for c in out[1]:
78    print "%s <- %s" % (c.head_string(), c.tail_string())
79
80##########################################################################
81# using complex role to ask a question.. expecting to fail
82# role=[keyid:Acme].role:buy_rockets
83# p=[keyid:Acme].role:preferred_customer
84role = ABAC.Role(acme,"buy_rockets")
85p = ABAC.Role(acme,"preferred_customer")
86print "\n===bad=============== Acme.buy_rockets <- Acme.preferred_customer"
87out = ctxt.query(role, p)
88for c in out[1]:
89    print "%s <- %s" % (c.head_string(), c.tail_string())
90
91
92
Note: See TracBrowser for help on using the repository browser.