source: examples/python_tests/access_rt2/attr.py @ c3c73bd

mei_rt2mei_rt2_fix_1
Last change on this file since c3c73bd was 646e57e, checked in by Mei <mei@…>, 12 years ago

1) add partial proof
  • Property mode set to 100755
File size: 4.7 KB
Line 
1#!/usr/bin/env python
2
3"""
4See README in this directory for the semantics of the example.  This file
5creates a principal(Joe) and constructs the credentials described and puts
6copies into this directory
7
8cmd1:env keystore=`pwd` ./attr.py
9"""
10
11import os
12import ABAC
13
14ctxt = ABAC.Context()
15print "ABAC version %s" % ctxt.version()
16
17# Keystore is the directory containing the principal credentials.
18# Load existing principals and/or policy credentials
19if (os.environ.has_key("keystore")) :
20    keystore=os.environ["keystore"]
21    ctxt.load_directory(keystore)
22else:
23    print("keystore is not set...")
24    exit(1)
25
26# Print the principals and credentials in the keystore
27out = ctxt.context_principals()
28print "...initial principal set..."
29for x in out[1]:
30    print "%s " % x.string()
31print "\n" 
32
33out = ctxt.context_credentials()
34print "...initial policy attribute set..."
35for c in out[1]:
36    print "%s <- %s" % (c.head_string(), c.tail_string())
37print "\n"
38
39# Construct a "Joe" principal and load it into the ABAC context
40joeID=ABAC.ID("Joe", 0)
41ctxt.load_id(joeID)
42# Write out the Joe Principal to 2 files - one for the key and one for the
43# identity.  The identity can be shared, but the key must be kept secret.
44joeID.id_write_privkey("Joe_private.pem")
45joeID.id_write_cert("Joe_ID.pem")
46# Keep a copy of Joe's key identifier as a string.
47joe=joeID.id_keyid()
48
49# Load alpha and bob from local files (created by ./setup.py)
50alphaID=ABAC.ID("Alpha_ID.pem")
51alphaID.id_load_privkey_file("Alpha_private.pem");
52alpha=alphaID.id_keyid()
53
54bobID=ABAC.ID("Bob_ID.pem")
55bobID.id_load_privkey_file("Bob_private.pem");
56bob=bobID.id_keyid()
57
58################################################
59# Create the credential
60# [keyid:alpha].role:access([string:'Read'],[urn:'file//fileB']) <- [keyid:bob]
61param1=ABAC.DataTerm("string", "'Read'")
62param2=ABAC.DataTerm("urn","'file//fileB'")
63head = ABAC.Role(alpha,"access")
64
65# Attach the parameters to the access role
66head.role_add_data_term(param1)
67head.role_add_data_term(param2)
68tail = ABAC.Role(bob)
69
70# Hook the head to the tail
71attr=ABAC.Attribute(head, 1800)
72attr.attribute_add_tail(tail)
73
74# create the credential
75attr.attribute_bake()
76
77# Save a copy and add the credential to the context
78attr.attribute_write_cert("Alpha_access_fileB__Bob_attr.der")
79ctxt.load_attribute_file("Alpha_access_fileB__Bob_attr.der")
80print attr.string() 
81print attr.typed_string()
82print "\n"
83
84# Constructing the others are similar
85
86#################################################
87## [keyid:alpha].role:team([string:'proj1'])<-[keyid:bob]
88param1=ABAC.DataTerm("string", "'proj1'")
89head = ABAC.Role(alpha,"team")
90head.role_add_data_term(param1)
91tail = ABAC.Role(bob)
92attr=ABAC.Attribute(head, 1800)
93attr.attribute_add_tail(tail)
94attr.attribute_bake()
95attr.attribute_write_cert("Alpha_team_proj1__Bob_attr.der")
96ctxt.load_attribute_file("Alpha_team_proj1__Bob_attr.der")
97print attr.string() 
98print attr.typed_string()
99print "\n"
100
101#################################################
102## [keyid:alpha].role:team([string:'proj2'])<-[keyid:Joe]
103param1=ABAC.DataTerm("string", "'proj2'")
104head = ABAC.Role(alpha,"team")
105head.role_add_data_term(param1)
106tail = ABAC.Role(joe)
107attr=ABAC.Attribute(head, 1800)
108attr.attribute_add_tail(tail)
109attr.attribute_bake()
110attr.attribute_write_cert("Alpha_team_proj2__Joe_attr.der")
111ctxt.load_attribute_file("Alpha_team_proj2__Joe_attr.der")
112print attr.string() 
113print attr.typed_string()
114print "\n"
115
116################################################
117# [keyid:alpha].role:access([string:'Read',
118#                [urn:?F[keyid:alpha].oset:documents([string:?P])])
119#                                 <- [keyid:alpha].role:team([string:?P])
120param=ABAC.DataTerm("string", "P")
121oset=ABAC.Oset(alpha,"documents")
122oset.oset_add_data_term(param)
123cond=ABAC.Constraint(oset)
124param2=ABAC.DataTerm("urn", "F", cond)
125param1=ABAC.DataTerm("string", "'Read'")
126head = ABAC.Role(alpha,"access")
127head.role_add_data_term(param1)
128head.role_add_data_term(param2)
129param3=ABAC.DataTerm("string", "P")
130tail = ABAC.Role(alpha,"team")
131tail.role_add_data_term(param3)
132attr=ABAC.Attribute(head, 1800)
133attr.attribute_add_tail(tail)
134attr.attribute_bake()
135attr.attribute_write_cert("Alpha_access_qFqP__alpha_team_qP_attr.der")
136ctxt.load_attribute(attr)
137print attr.string() 
138print attr.typed_string()
139print "\n"
140
141
142#################################################
143## [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA']
144param1=ABAC.DataTerm("string", "'proj1'")
145head = ABAC.Oset(alpha,"documents")
146head.oset_add_data_term(param1)
147obj = ABAC.DataTerm("urn", "'file//fileA'")
148tail= ABAC.Oset(obj)
149attr=ABAC.Attribute(head, 1800)
150attr.attribute_add_tail(tail)
151attr.attribute_bake()
152attr.attribute_write_cert("Alpha_team_proj1__fileA_attr.der")
153ctxt.load_attribute(attr)
154print attr.string() 
155print attr.typed_string()
156print "\n"
157
Note: See TracBrowser for help on using the repository browser.