Context Navigation

attr.py @ 5110d42

mei_rt2mei_rt2_fix_1

Last change on this file since 5110d42 was 5110d42, checked in by Mei <mei@…>, 12 years ago

1) reorganized the test directory to include python tests
2) attribute via api and principal via api from python scripts is

working (although there is a annoying seg fault at the very end
that must be related to something not been dup()ed.. need to wait
for c example to debug it)

3) able to query via api
4) replicated access_rt2 example in python and the query result matches
5) expanded api to make it easier to generate rt2 structure

Property mode set to 100755

File size: 4.0 KB

Line
1	#!/usr/bin/env python
2
3	"""
4	to test with python
5
6	cmd1:env keystore=`pwd` ./attr.py
7	expect this to fail,
8	cmd2: env ABAC_CN=1 keystore=`pwd` ./attr.py
9
10	"""
11
12	import os
13	import ABAC
14
15	keystore=os.environ["keystore"]
16
17	ctxt = ABAC.Context()
18	print "ABAC version %s" % ctxt.version()
19
20	ctxt.load_directory(keystore)
21
22	out = ctxt.context_principals()
23	print "...initial principal set..."
24	for x in out[1]:
25	print "%s " % x.string()
26	print "\n"
27
28	out = ctxt.context_credentials()
29	print "...initial policy attribute set..."
30	for c in out[1]:
31	print "%s <- %s" % (c.head_string(), c.tail_string())
32	print "\n"
33
34	joeID=ABAC.ID("Joe", 0)
35	ctxt.load_id(joeID)
36	#joeID.write_privkey("Joe_IDKEY.pem")
37	#joeID.write_cert("Joe_IDKEY.pem")
38	joeID.write_privkey("Joe_private.pem")
39	joeID.write_cert("Joe_ID.pem")
40	joe=joeID.keyid()
41
42	#ctxt.load_id_file("Alpha_ID.pem","Alpha_private.pem")
43	alphaID=ABAC.ID("Alpha_ID.pem")
44	alphaID.load_privkey("Alpha_private.pem");
45	alpha=alphaID.keyid()
46
47	#ctxt.load_id_file("Bob_ID.pem","Bob_private.pem")
48	bobID=ABAC.ID("Bob_ID.pem")
49	bobID.load_privkey("Bob_private.pem");
50	bob=bobID.keyid()
51
52	################################################
53	# [keyid:alpha].role:access([string:'Read'],[urn:'file//fileB']) <- [keyid:bob]
54	param1=ABAC.DataTerm("string", "'Read'")
55	param2=ABAC.DataTerm("urn","'file//fileB'")
56	role = ABAC.Role(alpha,"access")
57	role.add_data_term(param1)
58	role.add_data_term(param2)
59	p = ABAC.Role(bob)
60	attr=ABAC.Attribute(role, 1800)
61	attr.add_tail(p)
62	attr.bake()
63	attr.write_cert("Alpha_access_fileB__Bob_attr.der")
64	ctxt.load_attribute_file("Alpha_access_fileB__Bob_attr.der")
65	print attr.string()
66	print attr.typed_string()
67	print "\n"
68
69	#################################################
70	## [keyid:alpha].role:team([string:'proj1'])<-[keyid:bob]
71	param1=ABAC.DataTerm("string", "'proj1'")
72	role = ABAC.Role(alpha,"team")
73	role.add_data_term(param1)
74	tail = ABAC.Role(bob)
75	attr=ABAC.Attribute(role, 1800)
76	attr.add_tail(tail)
77	attr.bake()
78	attr.write_cert("Alpha_team_proj1__Bob_attr.der")
79	ctxt.load_attribute_file("Alpha_team_proj1__Bob_attr.der")
80	print attr.string()
81	print attr.typed_string()
82	print "\n"
83
84	#################################################
85	## [keyid:alpha].role:team([string:'proj2'])<-[keyid:Joe]
86	param1=ABAC.DataTerm("string", "'proj2'")
87	role = ABAC.Role(alpha,"team")
88	role.add_data_term(param1)
89	tail = ABAC.Role(joe)
90	attr=ABAC.Attribute(role, 1800)
91	attr.add_tail(tail)
92	attr.bake()
93	attr.write_cert("Alpha_team_proj2__Joe_attr.der")
94	ctxt.load_attribute_file("Alpha_team_proj2__Joe_attr.der")
95	print attr.string()
96	print attr.typed_string()
97	print "\n"
98
99	## bad beause of that constraint..
100	################################################
101	# [keyid:alpha].role:access([string:'Read',
102	# [urn:?F[keyid:alpha].oset:documents([string:?P])])
103	# <- [keyid:alpha].role:team([string:?P])
104	param=ABAC.DataTerm("string", "P")
105	oset=ABAC.Oset(alpha,"documents")
106	oset.add_data_term(param)
107	cond=ABAC.Constraint(oset)
108	param2=ABAC.DataTerm("urn", "F", cond)
109	param1=ABAC.DataTerm("string", "'Read'")
110	head = ABAC.Role(alpha,"access")
111	head.add_data_term(param1)
112	head.add_data_term(param2)
113	param3=ABAC.DataTerm("string", "P")
114	tail = ABAC.Role(alpha,"team")
115	tail.add_data_term(param3)
116
117	attr=ABAC.Attribute(head, 1800)
118	attr.add_tail(tail)
119	attr.bake()
120	attr.write_cert("Alpha_access_qFqP__alpha_team_qP_attr.der")
121	#ctxt.load_attribute_file("Alpha_access_qFqP__alpha_team_qP_attr.der")
122	ctxt.load_attribute(attr)
123	#print attr.string()
124	#print attr.typed_string()
125	#print "\n"
126
127
128	#################################################
129	## [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA']
130	param1=ABAC.DataTerm("string", "'proj1'")
131	oset = ABAC.Oset(alpha,"documents")
132	oset.add_data_term(param1)
133	obj = ABAC.DataTerm("urn", "'file//fileA'")
134	tail= ABAC.Oset(obj)
135	attr=ABAC.Attribute(oset, 1800)
136	attr.add_tail(tail)
137	attr.bake()
138	attr.write_cert("Alpha_team_proj1__fileA_attr.der")
139	ctxt.load_attribute_file("Alpha_team_proj1__fileA_attr.der")
140	print attr.string()
141	print attr.typed_string()
142	print "\n"
143
144	#ctxt.dump_yap()
145	##

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: examples/python_tests/access_rt2/attr.py @ 5110d42

Download in other formats: