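#!/usr/bin/env python
"""
See README in this directory for the semantics of the example.

This file creates a principal (Joe), constructs the credentials described
there, and writes copies of each credential into this directory.

cmd1: env keystore=`pwd` ./attr.py

Files written to the current directory:
  Joe_private.pem  - Joe's private key (must be kept secret)
  Joe_ID.pem       - Joe's identity certificate (shareable)
  *_attr.der       - the baked attribute credentials
"""
import os

import ABAC

# Lifetime value handed to ABAC.Attribute for every credential built below;
# the example uses the same value (1800) for all of them.
ATTR_LIFETIME = 1800


def _show(attr):
    """Print an attribute in plain and typed string form, then a blank line."""
    print(attr.string())
    print(attr.typed_string())
    print("\n")


def _bake(head, tail):
    """Hook *head* to *tail* in a new attribute, bake it and return it.

    head/tail are ABAC.Role or ABAC.Oset objects that already carry their
    data terms. Baking is what turns the attribute into a credential that
    can be written out or loaded into a context.
    """
    attr = ABAC.Attribute(head, ATTR_LIFETIME)
    attr.attribute_add_tail(tail)
    attr.attribute_bake()
    return attr


ctxt = ABAC.Context()
print("ABAC version %s" % ctxt.version())

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials when it is set.
if "keystore" in os.environ:
    keystore = os.environ["keystore"]
    ctxt.load_directory(keystore)

# Print the principals and credentials in the keystore.
# context_principals()/context_credentials() return a pair whose second
# element is the list of entries; the first element is not used here.
out = ctxt.context_principals()
print("...initial principal set...")
for x in out[1]:
    print("%s " % x.string())
print("\n")

out = ctxt.context_credentials()
print("...initial policy attribute set...")
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
print("\n")

# Construct a "Joe" principal and load it into the ABAC context
joeID = ABAC.ID("Joe", 0)
ctxt.load_id(joeID)

# Write out the Joe principal to 2 files - one for the key and one for the
# identity. The identity can be shared, but the key must be kept secret, so
# the key file is made owner-read/write only: the umask covers creation of a
# new file, the chmod covers a pre-existing file that is being overwritten.
old_umask = os.umask(0o077)
try:
    joeID.id_write_privkey("Joe_private.pem")
finally:
    os.umask(old_umask)
os.chmod("Joe_private.pem", 0o600)
joeID.id_write_cert("Joe_ID.pem")

# Keep a copy of Joe's key identifier as a string.
joe = joeID.id_keyid()

# Load alpha and bob from local files (created by ./setup.py)
alphaID = ABAC.ID("Alpha_ID.pem")
alphaID.id_load_privkey_file("Alpha_private.pem")
alpha = alphaID.id_keyid()

bobID = ABAC.ID("Bob_ID.pem")
bobID.id_load_privkey_file("Bob_private.pem")
bob = bobID.id_keyid()

################################################
# Create the credential
# [keyid:alpha].role:access([string:'Read'],[urn:'file//fileB']) <- [keyid:bob]
param1 = ABAC.DataTerm("string", "'Read'")
param2 = ABAC.DataTerm("urn", "'file//fileB'")
head = ABAC.Role(alpha, "access")
# Attach the parameters to the access role
head.role_add_data_term(param1)
head.role_add_data_term(param2)
tail = ABAC.Role(bob)
# Hook the head to the tail and create the credential
attr = _bake(head, tail)
# Save a copy and add the credential to the context; this one is re-read
# from the file it was just written to.
attr.attribute_write_cert("Alpha_access_fileB__Bob_attr.der")
ctxt.load_attribute_file("Alpha_access_fileB__Bob_attr.der")
_show(attr)

# Constructing the others is similar
#################################################
## [keyid:alpha].role:team([string:'proj1'])<-[keyid:bob]
param1 = ABAC.DataTerm("string", "'proj1'")
head = ABAC.Role(alpha, "team")
head.role_add_data_term(param1)
tail = ABAC.Role(bob)
attr = _bake(head, tail)
attr.attribute_write_cert("Alpha_team_proj1__Bob_attr.der")
ctxt.load_attribute_file("Alpha_team_proj1__Bob_attr.der")
_show(attr)

#################################################
## [keyid:alpha].role:team([string:'proj2'])<-[keyid:Joe]
param1 = ABAC.DataTerm("string", "'proj2'")
head = ABAC.Role(alpha, "team")
head.role_add_data_term(param1)
tail = ABAC.Role(joe)
attr = _bake(head, tail)
attr.attribute_write_cert("Alpha_team_proj2__Joe_attr.der")
ctxt.load_attribute_file("Alpha_team_proj2__Joe_attr.der")
_show(attr)

################################################
# [keyid:alpha].role:access([string:'Read',
#     [urn:?F[keyid:alpha].oset:documents([string:?P])])
#   <- [keyid:alpha].role:team([string:?P])
# "P" and "F" (no quotes) are variables; the urn term carries a constraint
# tying ?F to alpha's documents oset parameterised by the same ?P.
param = ABAC.DataTerm("string", "P")
oset = ABAC.Oset(alpha, "documents")
oset.oset_add_data_term(param)
cond = ABAC.Constraint(oset)
param2 = ABAC.DataTerm("urn", "F", cond)
param1 = ABAC.DataTerm("string", "'Read'")
head = ABAC.Role(alpha, "access")
head.role_add_data_term(param1)
head.role_add_data_term(param2)
param3 = ABAC.DataTerm("string", "P")
tail = ABAC.Role(alpha, "team")
tail.role_add_data_term(param3)
attr = _bake(head, tail)
attr.attribute_write_cert("Alpha_access_qFqP__alpha_team_qP_attr.der")
# This one is loaded from the in-memory attribute rather than the file.
ctxt.load_attribute(attr)
_show(attr)

#################################################
## [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA']
param1 = ABAC.DataTerm("string", "'proj1'")
head = ABAC.Oset(alpha, "documents")
head.oset_add_data_term(param1)
obj = ABAC.DataTerm("urn", "'file//fileA'")
tail = ABAC.Oset(obj)
attr = _bake(head, tail)
attr.attribute_write_cert("Alpha_team_proj1__fileA_attr.der")
ctxt.load_attribute(attr)
_show(attr)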