source: examples/python_tests/access_rt2/attr.py @ 669b481

#!/usr/bin/env python

"""
  to test with python

cmd1:env keystore=`pwd` ./attr.py 
"""

import os
import ABAC

keystore=os.environ["keystore"]

ctxt = ABAC.Context()
print "ABAC version %s" % ctxt.version()

ctxt.load_directory(keystore)

out = ctxt.context_principals()
print "...initial principal set..."
for x in out[1]:
    print "%s " % x.string()
print "\n" 

out = ctxt.context_credentials()
print "...initial policy attribute set..."
for c in out[1]:
    print "%s <- %s" % (c.head_string(), c.tail_string())
print "\n"

joeID=ABAC.ID("Joe", 0)
ctxt.load_id(joeID)
#joeID.id_write_privkey("Joe_IDKEY.pem")
#joeID.id_write_cert("Joe_IDKEY.pem")
joeID.id_write_privkey("Joe_private.pem")
joeID.id_write_cert("Joe_ID.pem")
joe=joeID.id_keyid()

alphaID=ABAC.ID("Alpha_ID.pem")
alphaID.id_load_privkey_file("Alpha_private.pem");
alpha=alphaID.id_keyid()

bobID=ABAC.ID("Bob_ID.pem")
bobID.id_load_privkey_file("Bob_private.pem");
bob=bobID.id_keyid()

################################################
# [keyid:alpha].role:access([string:'Read'],[urn:'file//fileB']) <- [keyid:bob]
param1=ABAC.DataTerm("string", "'Read'")
param2=ABAC.DataTerm("urn","'file//fileB'")
head = ABAC.Role(alpha,"access")
head.role_add_data_term(param1)
head.role_add_data_term(param2)
tail = ABAC.Role(bob)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Alpha_access_fileB__Bob_attr.der")
ctxt.load_attribute_file("Alpha_access_fileB__Bob_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

#################################################
## [keyid:alpha].role:team([string:'proj1'])<-[keyid:bob]
param1=ABAC.DataTerm("string", "'proj1'")
head = ABAC.Role(alpha,"team")
head.role_add_data_term(param1)
tail = ABAC.Role(bob)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Alpha_team_proj1__Bob_attr.der")
ctxt.load_attribute_file("Alpha_team_proj1__Bob_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

#################################################
## [keyid:alpha].role:team([string:'proj2'])<-[keyid:Joe]
param1=ABAC.DataTerm("string", "'proj2'")
head = ABAC.Role(alpha,"team")
head.role_add_data_term(param1)
tail = ABAC.Role(joe)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Alpha_team_proj2__Joe_attr.der")
ctxt.load_attribute_file("Alpha_team_proj2__Joe_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

################################################
# [keyid:alpha].role:access([string:'Read',
#                [urn:?F[keyid:alpha].oset:documents([string:?P])])
#                                 <- [keyid:alpha].role:team([string:?P]) 
param=ABAC.DataTerm("string", "P")
oset=ABAC.Oset(alpha,"documents")
oset.oset_add_data_term(param)
cond=ABAC.Constraint(oset)
param2=ABAC.DataTerm("urn", "F", cond)
param1=ABAC.DataTerm("string", "'Read'")
head = ABAC.Role(alpha,"access")
head.role_add_data_term(param1)
head.role_add_data_term(param2)
param3=ABAC.DataTerm("string", "P")
tail = ABAC.Role(alpha,"team")
tail.role_add_data_term(param3)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Alpha_access_qFqP__alpha_team_qP_attr.der")
ctxt.load_attribute(attr)
#print attr.string() 
#print attr.typed_string()
#print "\n"


#################################################
## [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA']
param1=ABAC.DataTerm("string", "'proj1'")
head = ABAC.Oset(alpha,"documents")
head.oset_add_data_term(param1)
obj = ABAC.DataTerm("urn", "'file//fileA'")
tail= ABAC.Oset(obj)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Alpha_team_proj1__fileA_attr.der")
ctxt.load_attribute(attr)
print attr.string() 
print attr.typed_string()
print "\n"

ctxt.dump_yap_db()
##