source: examples/python_tests/access_rt2/query.py @ 20eaefe

mei_rt2mei_rt2_fix_1
Last change on this file since 20eaefe was 646e57e, checked in by Mei <mei@…>, 12 years ago

1) add partial proof
  • Property mode set to 100755
File size: 3.1 KB
RevLine 
[5110d42]1#!/usr/bin/env python
2
3"""
[f824a9e]4Run the queries described in README
[5110d42]5
6cmd1:env keystore=`pwd` ./query.py
7cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py
8
9"""
10
11import os
12import ABAC
13
14ctxt = ABAC.Context()
[646e57e]15ctxt.set_no_partial_proof()
[5110d42]16
[f824a9e]17# Keystore is the directory containing the principal credentials.
18# Load existing principals and/or policy credentials
19if (os.environ.has_key("keystore")) :
20    keystore=os.environ["keystore"]
21    ctxt.load_directory(keystore)
22else:
23    print("keystore is not set...")
24    exit(1) 
[5110d42]25
[47d5cf9]26# Load the principals created in ./attr.py and ./setup.py.  Each has an
27# identity and private key.
[5110d42]28alphaID=ABAC.ID("Alpha_ID.pem");
[5d06689]29alphaID.id_load_privkey_file("Alpha_private.pem");
30alpha=alphaID.id_keyid()
[5110d42]31
32bobID=ABAC.ID("Bob_ID.pem");
[5d06689]33bobID.id_load_privkey_file("Bob_private.pem");
34bob=bobID.id_keyid()
[5110d42]35
36joeID=ABAC.ID("Joe_ID.pem");
[5d06689]37joeID.id_load_privkey_file("Joe_private.pem");
38joe=joeID.id_keyid()
[5110d42]39
[f824a9e]40##########################################################################
41# dump the loaded principals/policies
42#
43out = ctxt.context_principals()
44print "\n...final principal set..."
45for x in out[1]:
46    print "%s " % x.string()
47out = ctxt.context_credentials()
48print "\n...final policy attribute set..."
49for c in out[1]:
50    print "%s <- %s" % (c.head_string(), c.tail_string())
51
52##########################################################################
[47d5cf9]53# Construct and run the queries.  In each case we create a role object and a
54# principal and call the query method on the context.  The contents of the
55# proof are printed for successful queries.
56# role is the role to look for
57# p is the principal to check.
[5110d42]58##########################################################################
59# role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA'])
60# p = "[keyid:bob]"
61param1=ABAC.DataTerm("string", "'Read'")
62param2=ABAC.DataTerm("urn","'file//fileA'")
63role = ABAC.Role(alpha,"access")
[5d06689]64role.role_add_data_term(param1)
65role.role_add_data_term(param2)
[5110d42]66
[47d5cf9]67p = ABAC.Role(bob)
[5110d42]68print "\n===good============ Alpha.access(Read,fileA)<-?-Bob"
69out = ctxt.query(role, p)
70
71for c in out[1]:
72    print "%s <- %s" % (c.head_string(), c.tail_string())
73
74##########################################################################
75# role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA'])
76# p = "[keyid:joe]"
77param1=ABAC.DataTerm("string", "'Read'")
78param2=ABAC.DataTerm("urn","'file//fileA'")
79role = ABAC.Role(alpha,"access")
[5d06689]80role.role_add_data_term(param1)
81role.role_add_data_term(param2)
[5110d42]82p = ABAC.Role(joe)
83
84print "\n===bad============ Alpha.access(Read,fileA)<-?-Joe"
85out = ctxt.query(role,p)
86
87for c in out[1]:
88    print "%s <- %s" % (c.head_string(), c.tail_string())
89
90
91##########################################################################
92# role =[keyid:alpha].role:team([string:'proj2'])
93# p = "[keyid:joe]"
94param=ABAC.DataTerm("string", "'proj2'")
95role = ABAC.Role(alpha,"team")
[5d06689]96role.role_add_data_term(param)
[5110d42]97p = ABAC.Role(joe)
98print "\n===good============ Alpha.team(proj2)<-?-Joe"
99out = ctxt.query(role,p)
100
101for c in out[1]:
102    print "%s <- %s" % (c.head_string(), c.tail_string())
103
[e3462b4]104
105## ctxt.dump_yap_db()
Note: See TracBrowser for help on using the repository browser.