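#!/usr/bin/env python
"""Exercise the ABAC Python bindings with parameterised role/oset credentials.

Run from a directory holding Alpha_ID.pem, Alpha_private.pem, Bob_ID.pem and
Bob_private.pem:

    cmd1: env keystore=`pwd` ./attr.py            (expected to fail)
    cmd2: env ABAC_CN=1 keystore=`pwd` ./attr.py

``ABAC_CN`` is never read by this script; presumably the ABAC library picks
it up from the environment -- confirm against the library documentation.

Everything under ``keystore`` is loaded as trusted identity/policy material,
so point it only at a directory you control.  The script then creates a
fresh identity ``Joe`` and issues the credentials below, writing each one as
a DER file into the current directory and loading it back into the context:

    [keyid:alpha].role:access([string:'Read'],[urn:'file//fileB']) <- [keyid:bob]
    [keyid:alpha].role:team([string:'proj1']) <- [keyid:bob]
    [keyid:alpha].role:team([string:'proj2']) <- [keyid:joe]
    [keyid:alpha].role:access([string:'Read'],
        [urn:?F[keyid:alpha].oset:documents([string:?P])])
        <- [keyid:alpha].role:team([string:?P])
    [keyid:alpha].oset:documents([string:'proj1']) <- [urn:'file//fileA']
"""
from __future__ import print_function

import os
import sys

import ABAC

# Second positional argument of ABAC.Attribute, hard-coded as 1800 in the
# original script.  Its unit (presumably a validity period in seconds) is
# defined by the ABAC library -- confirm there before changing it.
ATTR_LIFETIME = 1800


def _add_terms(target, terms):
    """Attach each ABAC.DataTerm in *terms* to *target* (a Role or Oset)."""
    for term in terms:
        target.add_data_term(term)
    return target


def role_with_terms(keyid, name, *terms):
    """Return ``[keyid:keyid].role:name(terms...)`` as an ABAC.Role."""
    return _add_terms(ABAC.Role(keyid, name), terms)


def oset_with_terms(keyid, name, *terms):
    """Return ``[keyid:keyid].oset:name(terms...)`` as an ABAC.Oset."""
    return _add_terms(ABAC.Oset(keyid, name), terms)


def load_identity(cert_path, key_path):
    """Return the ABAC.ID for an existing certificate / private-key pair."""
    ident = ABAC.ID(cert_path)
    ident.load_privkey(key_path)
    return ident


def dump_context(ctxt):
    """Print the principals and credentials currently held by *ctxt*.

    Both accessors return a pair whose second element is the iterable of
    interest; the first element is ignored, as in the original script.
    """
    print("...initial principal set...")
    for principal in ctxt.context_principals()[1]:
        print("%s " % principal.string())
    print("\n")

    print("...initial policy attribute set...")
    for cred in ctxt.context_credentials()[1]:
        print("%s <- %s" % (cred.head_string(), cred.tail_string()))
    print("\n")


def issue_attribute(ctxt, head, tail, cert_path, from_file=True, show=True):
    """Build, sign, persist and load one credential ``head <- tail``.

    Args:
        ctxt: the ABAC.Context the credential is loaded into.
        head: ABAC.Role or ABAC.Oset forming the left-hand side.
        tail: ABAC.Role or ABAC.Oset forming the right-hand side.
        cert_path: DER file the baked credential is written to.
        from_file: load the credential back from *cert_path* (the usual
            path); when false the in-memory object is loaded instead.
        show: print ``string()`` and ``typed_string()`` after loading.

    Returns:
        The baked ABAC.Attribute.
    """
    attr = ABAC.Attribute(head, ATTR_LIFETIME)
    attr.add_tail(tail)
    attr.bake()
    attr.write_cert(cert_path)
    if from_file:
        ctxt.load_attribute_file(cert_path)
    else:
        ctxt.load_attribute(attr)
    if show:
        print(attr.string())
        print(attr.typed_string())
        print("\n")
    return attr


def main():
    """Run the credential-issuance walk-through described in the module docstring."""
    # A missing or bogus keystore previously surfaced as a bare KeyError /
    # library error; fail early with the expected invocation instead.
    keystore = os.environ.get("keystore")
    if not keystore or not os.path.isdir(keystore):
        sys.exit("keystore must name an existing directory, e.g. "
                 "env keystore=`pwd` ./attr.py")

    ctxt = ABAC.Context()
    print("ABAC version %s" % ctxt.version())
    ctxt.load_directory(keystore)
    dump_context(ctxt)

    # Fresh identity for Joe (second ABAC.ID argument kept from the original).
    # NOTE(review): the permissions of Joe_private.pem are whatever
    # ABAC.ID.write_privkey chooses -- check they are owner-only before running
    # this anywhere but a scratch directory.
    joe_id = ABAC.ID("Joe", 0)
    ctxt.load_id(joe_id)
    joe_id.write_privkey("Joe_private.pem")
    joe_id.write_cert("Joe_ID.pem")
    joe = joe_id.keyid()

    # Alpha and Bob are expected to already be in the context via
    # load_directory; only their signing keys are needed here.  The ID objects
    # are kept alive for the whole run in case the binding needs them.
    alpha_id = load_identity("Alpha_ID.pem", "Alpha_private.pem")
    alpha = alpha_id.keyid()
    bob_id = load_identity("Bob_ID.pem", "Bob_private.pem")
    bob = bob_id.keyid()

    # [keyid:alpha].role:access([string:'Read'],[urn:'file//fileB']) <- [keyid:bob]
    head = role_with_terms(alpha, "access",
                           ABAC.DataTerm("string", "'Read'"),
                           ABAC.DataTerm("urn", "'file//fileB'"))
    issue_attribute(ctxt, head, ABAC.Role(bob),
                    "Alpha_access_fileB__Bob_attr.der")

    # [keyid:alpha].role:team([string:'proj1']) <- [keyid:bob]
    head = role_with_terms(alpha, "team", ABAC.DataTerm("string", "'proj1'"))
    issue_attribute(ctxt, head, ABAC.Role(bob),
                    "Alpha_team_proj1__Bob_attr.der")

    # [keyid:alpha].role:team([string:'proj2']) <- [keyid:joe]
    head = role_with_terms(alpha, "team", ABAC.DataTerm("string", "'proj2'"))
    issue_attribute(ctxt, head, ABAC.Role(joe),
                    "Alpha_team_proj2__Joe_attr.der")

    # [keyid:alpha].role:access([string:'Read'],
    #     [urn:?F[keyid:alpha].oset:documents([string:?P])])
    #     <- [keyid:alpha].role:team([string:?P])
    # The original marked this one "bad because of that constraint": its
    # printed forms were disabled and it is loaded from the in-memory object
    # rather than from the DER file.  Both quirks are preserved.
    oset = oset_with_terms(alpha, "documents", ABAC.DataTerm("string", "P"))
    cond = ABAC.Constraint(oset)
    head = role_with_terms(alpha, "access",
                           ABAC.DataTerm("string", "'Read'"),
                           ABAC.DataTerm("urn", "F", cond))
    tail = role_with_terms(alpha, "team", ABAC.DataTerm("string", "P"))
    issue_attribute(ctxt, head, tail,
                    "Alpha_access_qFqP__alpha_team_qP_attr.der",
                    from_file=False, show=False)

    # [keyid:alpha].oset:documents([string:'proj1']) <- [urn:'file//fileA']
    # The DER file name is kept from the original script even though this is
    # an oset credential, not a team role.
    head = oset_with_terms(alpha, "documents", ABAC.DataTerm("string", "'proj1'"))
    tail = ABAC.Oset(ABAC.DataTerm("urn", "'file//fileA'"))
    issue_attribute(ctxt, head, tail, "Alpha_team_proj1__fileA_attr.der")

    # The original ended with a disabled ctxt.dump_yap() call; re-enable it
    # here when the context contents need inspecting.


if __name__ == "__main__":
    main()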