source: examples/python_tests/access_rt2/attr.py @ c6d5da3

mei_rt2mei_rt2_fix_1
Last change on this file since c6d5da3 was f824a9e, checked in by Mei <mei@…>, 13 years ago

1) add more doc to python_tests

  • Property mode set to 100755
File size: 4.7 KB
Line 
1#!/usr/bin/env python
2
3"""
4See README in this directory for the semantics of the example.  This file
5creates a principal(Joe) and constructs the credentials described and puts
6copies into this directory
7
8cmd1:env keystore=`pwd` ./attr.py
9"""
10
11import os
12import ABAC
13
14ctxt = ABAC.Context()
15print "ABAC version %s" % ctxt.version()
16
17# Keystore is the directory containing the principal credentials.
18# Load existing principals and/or policy credentials
19if (os.environ.has_key("keystore")) :
20    keystore=os.environ["keystore"]
21    ctxt.load_directory(keystore)
22
23# Print the principals and credentials in the keystore
24out = ctxt.context_principals()
25print "...initial principal set..."
26for x in out[1]:
27    print "%s " % x.string()
28print "\n" 
29
30out = ctxt.context_credentials()
31print "...initial policy attribute set..."
32for c in out[1]:
33    print "%s <- %s" % (c.head_string(), c.tail_string())
34print "\n"
35
36# Construct a "Joe" principal and load it into the ABAC context
37joeID=ABAC.ID("Joe", 0)
38ctxt.load_id(joeID)
39# Write out the Joe Principal to 2 files - one for the key and one for the
40# identity.  The identity can be shared, but the key must be kept secret.
41joeID.id_write_privkey("Joe_private.pem")
42joeID.id_write_cert("Joe_ID.pem")
43# Keep a copy of Joe's key identifier as a string.
44joe=joeID.id_keyid()
45
46# Load alpha and bob from local files (created by ./setup.py)
47alphaID=ABAC.ID("Alpha_ID.pem")
48alphaID.id_load_privkey_file("Alpha_private.pem");
49alpha=alphaID.id_keyid()
50
51bobID=ABAC.ID("Bob_ID.pem")
52bobID.id_load_privkey_file("Bob_private.pem");
53bob=bobID.id_keyid()
54
55################################################
56# Create the credential
57# [keyid:alpha].role:access([string:'Read'],[urn:'file//fileB']) <- [keyid:bob]
58param1=ABAC.DataTerm("string", "'Read'")
59param2=ABAC.DataTerm("urn","'file//fileB'")
60head = ABAC.Role(alpha,"access")
61
62# Attach the parameters to the access role
63head.role_add_data_term(param1)
64head.role_add_data_term(param2)
65tail = ABAC.Role(bob)
66
67# Hook the head to the tail
68attr=ABAC.Attribute(head, 1800)
69attr.attribute_add_tail(tail)
70
71# create the credential
72attr.attribute_bake()
73
74# Save a copy and add the credential to the context
75attr.attribute_write_cert("Alpha_access_fileB__Bob_attr.der")
76ctxt.load_attribute_file("Alpha_access_fileB__Bob_attr.der")
77print attr.string() 
78print attr.typed_string()
79print "\n"
80
81# Constructing the others are similar
82
83#################################################
84## [keyid:alpha].role:team([string:'proj1'])<-[keyid:bob]
85param1=ABAC.DataTerm("string", "'proj1'")
86head = ABAC.Role(alpha,"team")
87head.role_add_data_term(param1)
88tail = ABAC.Role(bob)
89attr=ABAC.Attribute(head, 1800)
90attr.attribute_add_tail(tail)
91attr.attribute_bake()
92attr.attribute_write_cert("Alpha_team_proj1__Bob_attr.der")
93ctxt.load_attribute_file("Alpha_team_proj1__Bob_attr.der")
94print attr.string() 
95print attr.typed_string()
96print "\n"
97
98#################################################
99## [keyid:alpha].role:team([string:'proj2'])<-[keyid:Joe]
100param1=ABAC.DataTerm("string", "'proj2'")
101head = ABAC.Role(alpha,"team")
102head.role_add_data_term(param1)
103tail = ABAC.Role(joe)
104attr=ABAC.Attribute(head, 1800)
105attr.attribute_add_tail(tail)
106attr.attribute_bake()
107attr.attribute_write_cert("Alpha_team_proj2__Joe_attr.der")
108ctxt.load_attribute_file("Alpha_team_proj2__Joe_attr.der")
109print attr.string() 
110print attr.typed_string()
111print "\n"
112
113################################################
114# [keyid:alpha].role:access([string:'Read',
115#                [urn:?F[keyid:alpha].oset:documents([string:?P])])
116#                                 <- [keyid:alpha].role:team([string:?P])
117param=ABAC.DataTerm("string", "P")
118oset=ABAC.Oset(alpha,"documents")
119oset.oset_add_data_term(param)
120cond=ABAC.Constraint(oset)
121param2=ABAC.DataTerm("urn", "F", cond)
122param1=ABAC.DataTerm("string", "'Read'")
123head = ABAC.Role(alpha,"access")
124head.role_add_data_term(param1)
125head.role_add_data_term(param2)
126param3=ABAC.DataTerm("string", "P")
127tail = ABAC.Role(alpha,"team")
128tail.role_add_data_term(param3)
129attr=ABAC.Attribute(head, 1800)
130attr.attribute_add_tail(tail)
131attr.attribute_bake()
132attr.attribute_write_cert("Alpha_access_qFqP__alpha_team_qP_attr.der")
133ctxt.load_attribute(attr)
134print attr.string() 
135print attr.typed_string()
136print "\n"
137
138
139#################################################
140## [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA']
141param1=ABAC.DataTerm("string", "'proj1'")
142head = ABAC.Oset(alpha,"documents")
143head.oset_add_data_term(param1)
144obj = ABAC.DataTerm("urn", "'file//fileA'")
145tail= ABAC.Oset(obj)
146attr=ABAC.Attribute(head, 1800)
147attr.attribute_add_tail(tail)
148attr.attribute_bake()
149attr.attribute_write_cert("Alpha_team_proj1__fileA_attr.der")
150ctxt.load_attribute(attr)
151print attr.string() 
152print attr.typed_string()
153print "\n"
154
Note: See TracBrowser for help on using the repository browser.