source: examples/python_tests/access_ctxt_rt2/attr.py @ 2e9455f

Last change on this file since 2e9455f was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongswan only allows 512 characters for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule

1#!/usr/bin/env python
2
3"""
4See README in this directory for the semantics of the example.  This file
5creates a principal(Joe) and constructs the credentials described and puts
6copies into this directory
7
8cmd1:env keystore=`pwd` ./attr.py
9"""
10
import os
import sys

import ABAC
13
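ctxt = ABAC.Context()
print("ABAC version %s" % ctxt.version())

# Keystore is the directory containing the principal credentials.
# Everything in it (principals and/or policy credentials) is loaded into
# the context as-is and is then trusted by the credentials written below,
# so it should point only at a directory you control.
# ``"keystore" in os.environ`` replaces dict.has_key(), which Python 3
# removed; sys.exit() replaces the site-provided exit() so the script also
# works under ``python -S``.  Output matches the original byte for byte.
keystore = os.environ.get("keystore")
if keystore is None:
    print("keystore is not set...")
    sys.exit(1)
ctxt.load_directory(keystore)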
25
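# Print the principals and credentials the keystore contributed, so the
# context's starting trust state is visible before anything is added.
# context_principals()/context_credentials() return a pair whose second
# element is the list of entries; the first element is not inspected here.
# print() with a single argument prints the same text on Python 2 and 3,
# matching the print("...") form already used for the keystore error.
principals = ctxt.context_principals()
print("...initial principal set...")
for principal in principals[1]:
    print("%s " % principal.string())
print("\n")

credentials = ctxt.context_credentials()
print("...initial policy attribute set...")
for cred in credentials[1]:
    print("%s <- %s" % (cred.head_string(), cred.tail_string()))
print("\n")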
38
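# Construct a fresh "Joe" principal (new key pair) and load it into the ABAC
# context.  The second argument is forwarded to ABAC.ID unchanged; it is
# presumably a validity/lifetime setting -- confirm against the binding.
joeID = ABAC.ID("Joe", 0)
ctxt.load_id(joeID)
# Write out the Joe principal to 2 files - one for the key and one for the
# identity.  The identity can be shared, but the key must be kept secret.
# id_write_privkey's own handling of file modes is not visible from here and
# the usual umask leaves new files world-readable, so the key is created
# under a restrictive umask and its mode tightened afterwards as well (the
# umask does not apply if the binding reuses an already existing file).
joe_key_file = "Joe_private.pem"
old_umask = os.umask(0o077)
try:
    joeID.id_write_privkey(joe_key_file)
finally:
    os.umask(old_umask)
os.chmod(joe_key_file, 0o600)
joeID.id_write_cert("Joe_ID.pem")
# Keep a copy of Joe's key identifier as a string; the role constructors
# below take this keyid, not the ID object.
joe = joeID.id_keyid()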
48
# Load alpha and bob from local files (created by ./setup.py).  Each ID is
# built from its certificate and then given its private key; the keyid
# strings are what the Role/Oset constructors below take as the principal.
# NOTE(review): only alpha issues credentials in this file, so only alpha's
# private key is visibly needed for signing; bob's is loaded the same way,
# presumably for symmetry -- confirm whether the binding requires it.
def _load_principal(cert_file, key_file):
    """Build an ABAC.ID from its certificate file and attach its private key."""
    principal = ABAC.ID(cert_file)
    principal.id_load_privkey_file(key_file)
    return principal


alphaID = _load_principal("Alpha_ID.pem", "Alpha_private.pem")
alpha = alphaID.id_keyid()

bobID = _load_principal("Bob_ID.pem", "Bob_private.pem")
bob = bobID.id_keyid()
57
################################################
# Credential 1
# [keyid:alpha].role:access([string:'Read',
#                [urn:?F[keyid:alpha].oset:documents([string:?P])])
#                                 <- [keyid:alpha].role:team([string:?P])
#
# The second access() parameter ?F is constrained to the URNs in alpha's
# documents(?P) oset, and ?P is shared with the tail, so a team(?P) member
# is granted access('Read', ...) only for that project's documents.
# The constraint is built first: the oset it wraps carries its own ?P term.
constraint_project = ABAC.DataTerm("string", "P")
documents_oset = ABAC.Oset(alpha, "documents")
documents_oset.oset_add_data_term(constraint_project)
file_constraint = ABAC.Constraint(documents_oset)

# Head: access('Read', ?F) with ?F bound by the constraint above.
# The DataTerm objects are kept in named variables, as in the rest of the
# file, so they outlive the attribute_bake() call below.
read_term = ABAC.DataTerm("string", "'Read'")
file_term = ABAC.DataTerm("urn", "F", file_constraint)
head = ABAC.Role(alpha, "access")
head.role_add_data_term(read_term)
head.role_add_data_term(file_term)

# Tail: team(?P), the membership role credentials 6 and 7 hand out.
team_project = ABAC.DataTerm("string", "P")
tail = ABAC.Role(alpha, "team")
tail.role_add_data_term(team_project)

# Bake (sign) and write.  1800 is forwarded unchanged as the attribute's
# second argument; presumably a lifetime in seconds -- confirm with the binding.
attr = ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Alpha_access_qFqP__alpha_team_qP_attr.der")
79
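#################################################
## Credentials 2-5: alpha's per-project document osets
##   [keyid:alpha].oset:documents([string:'proj1']) <- [urn:'file//fileA']
##   [keyid:alpha].oset:documents([string:'proj2']) <- [urn:'file//fileB']
##   [keyid:alpha].oset:documents([string:'proj2']) <- [urn:'file//fileC']
##   [keyid:alpha].oset:documents([string:'proj1']) <- [urn:'file//fileC']
## All four stanzas have the same shape, so one helper issues them.
def _write_documents_oset(project, file_urn, out_file, validity=1800):
    """Issue and write one [keyid:alpha].oset:documents(project) <- [urn:file_urn] credential.

    ``project`` and ``file_urn`` are handed to ABAC.DataTerm verbatim, so the
    caller supplies the surrounding single quotes exactly as the original
    stanzas did.  ``validity`` is forwarded unchanged as ABAC.Attribute's
    second argument (1800 here; presumably a lifetime in seconds -- confirm
    against the binding).  The file names are kept as they were, including
    the ones that say "team" for what is in fact a documents oset, because
    the other tests in this directory presumably load them by name (see README).
    """
    project_term = ABAC.DataTerm("string", project)
    head = ABAC.Oset(alpha, "documents")
    head.oset_add_data_term(project_term)
    file_term = ABAC.DataTerm("urn", file_urn)
    tail = ABAC.Oset(file_term)
    attr = ABAC.Attribute(head, validity)
    attr.attribute_add_tail(tail)
    attr.attribute_bake()
    attr.attribute_write_cert(out_file)
    # project_term/file_term deliberately stay in scope until after the bake:
    # whether the binding copies them or keeps references is not visible here.


_write_documents_oset("'proj1'", "'file//fileA'", "Alpha_team_proj1__fileA_attr.der")
_write_documents_oset("'proj2'", "'file//fileB'", "Alpha_team_proj2__fileB_attr.der")
_write_documents_oset("'proj2'", "'file//fileC'", "Alpha_team_proj2__fileC_attr.der")
_write_documents_oset("'proj1'", "'file//fileC'", "Alpha_team_proj1__fileC_attr.der")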
131
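#################################################
## Credentials 6-7: project team membership, issued by alpha
##   [keyid:alpha].role:team([string:'proj1']) <- [keyid:bob]
##   [keyid:alpha].role:team([string:'proj2']) <- [keyid:joe]
## team(?P) is the tail credential 1 keys on, so these are the leaves the
## README's example is meant to resolve through.  Both stanzas have the same
## shape, so one helper issues them.
def _write_team_role(project, member_keyid, out_file, validity=1800):
    """Issue and write one [keyid:alpha].role:team(project) <- [keyid:member_keyid] credential.

    ``project`` is handed to ABAC.DataTerm verbatim (the caller supplies the
    single quotes, as the original stanzas did) and ``member_keyid`` is a
    keyid string from ABAC.ID.id_keyid().  ``validity`` is forwarded unchanged
    as ABAC.Attribute's second argument (1800 here; presumably a lifetime in
    seconds -- confirm against the binding).  The output file names are
    unchanged because the other tests in this directory presumably load them
    by name (see README).
    """
    project_term = ABAC.DataTerm("string", project)
    head = ABAC.Role(alpha, "team")
    head.role_add_data_term(project_term)
    tail = ABAC.Role(member_keyid)
    attr = ABAC.Attribute(head, validity)
    attr.attribute_add_tail(tail)
    attr.attribute_bake()
    attr.attribute_write_cert(out_file)
    # project_term deliberately stays in scope until after the bake: whether
    # the binding copies it or keeps a reference is not visible here.


_write_team_role("'proj1'", bob, "Alpha_team_proj1__Bob_attr.der")
_write_team_role("'proj2'", joe, "Alpha_team_proj2__Joe_attr.der")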
155
156