[5110d42] | 1 | #!/usr/bin/env python |
---|
| 2 | |
---|
| 3 | """ |
---|
[f824a9e] | 4 | Run the queries described in README |
---|
[5110d42] | 5 | |
---|
| 6 | cmd1:env keystore=`pwd` ./query.py |
---|
| 7 | cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py |
---|
| 8 | |
---|
| 9 | """ |
---|
| 10 | |
---|
| 11 | import os |
---|
| 12 | import ABAC |
---|
| 13 | |
---|
| 14 | ctxt = ABAC.Context() |
---|
[646e57e] | 15 | ctxt.set_no_partial_proof() |
---|
[5110d42] | 16 | |
---|
[f824a9e] | 17 | # Keystore is the directory containing the principal credentials. |
---|
| 18 | # Load existing principals and/or policy credentials |
---|
| 19 | if (os.environ.has_key("keystore")) : |
---|
| 20 | keystore=os.environ["keystore"] |
---|
| 21 | ctxt.load_directory(keystore) |
---|
| 22 | else: |
---|
| 23 | print("keystore is not set...") |
---|
| 24 | exit(1) |
---|
[5110d42] | 25 | |
---|
[47d5cf9] | 26 | # Load the principals created in ./attr.py and ./setup.py. Each has an |
---|
| 27 | # identity and private key. |
---|
[5110d42] | 28 | alphaID=ABAC.ID("Alpha_ID.pem"); |
---|
[5d06689] | 29 | alphaID.id_load_privkey_file("Alpha_private.pem"); |
---|
| 30 | alpha=alphaID.id_keyid() |
---|
[5110d42] | 31 | |
---|
| 32 | bobID=ABAC.ID("Bob_ID.pem"); |
---|
[5d06689] | 33 | bobID.id_load_privkey_file("Bob_private.pem"); |
---|
| 34 | bob=bobID.id_keyid() |
---|
[5110d42] | 35 | |
---|
| 36 | joeID=ABAC.ID("Joe_ID.pem"); |
---|
[5d06689] | 37 | joeID.id_load_privkey_file("Joe_private.pem"); |
---|
| 38 | joe=joeID.id_keyid() |
---|
[5110d42] | 39 | |
---|
[f824a9e] | 40 | ########################################################################## |
---|
| 41 | # dump the loaded principals/policies |
---|
| 42 | # |
---|
| 43 | out = ctxt.context_principals() |
---|
| 44 | print "\n...final principal set..." |
---|
| 45 | for x in out[1]: |
---|
| 46 | print "%s " % x.string() |
---|
[2e9455f] | 47 | |
---|
[f824a9e] | 48 | out = ctxt.context_credentials() |
---|
| 49 | print "\n...final policy attribute set..." |
---|
| 50 | for c in out[1]: |
---|
| 51 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
| 52 | |
---|
[2e9455f] | 53 | |
---|
[f824a9e] | 54 | ########################################################################## |
---|
[47d5cf9] | 55 | # Construct and run the queries. In each case we create a role object and a |
---|
| 56 | # principal and call the query method on the context. The contents of the |
---|
| 57 | # proof are printed for successful queries. |
---|
| 58 | # role is the role to look for |
---|
| 59 | # p is the principal to check. |
---|
[5110d42] | 60 | ########################################################################## |
---|
| 61 | # role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA']) |
---|
| 62 | # p = "[keyid:bob]" |
---|
| 63 | param1=ABAC.DataTerm("string", "'Read'") |
---|
| 64 | param2=ABAC.DataTerm("urn","'file//fileA'") |
---|
| 65 | role = ABAC.Role(alpha,"access") |
---|
[5d06689] | 66 | role.role_add_data_term(param1) |
---|
| 67 | role.role_add_data_term(param2) |
---|
[5110d42] | 68 | |
---|
[47d5cf9] | 69 | p = ABAC.Role(bob) |
---|
[5110d42] | 70 | print "\n===good============ Alpha.access(Read,fileA)<-?-Bob" |
---|
| 71 | out = ctxt.query(role, p) |
---|
| 72 | |
---|
| 73 | for c in out[1]: |
---|
| 74 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
| 75 | |
---|
| 76 | ########################################################################## |
---|
| 77 | # role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA']) |
---|
| 78 | # p = "[keyid:joe]" |
---|
| 79 | param1=ABAC.DataTerm("string", "'Read'") |
---|
| 80 | param2=ABAC.DataTerm("urn","'file//fileA'") |
---|
| 81 | role = ABAC.Role(alpha,"access") |
---|
[5d06689] | 82 | role.role_add_data_term(param1) |
---|
| 83 | role.role_add_data_term(param2) |
---|
[5110d42] | 84 | p = ABAC.Role(joe) |
---|
| 85 | |
---|
| 86 | print "\n===bad============ Alpha.access(Read,fileA)<-?-Joe" |
---|
| 87 | out = ctxt.query(role,p) |
---|
| 88 | |
---|
| 89 | for c in out[1]: |
---|
| 90 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
| 91 | |
---|
| 92 | |
---|
| 93 | ########################################################################## |
---|
| 94 | # role =[keyid:alpha].role:team([string:'proj2']) |
---|
| 95 | # p = "[keyid:joe]" |
---|
| 96 | param=ABAC.DataTerm("string", "'proj2'") |
---|
| 97 | role = ABAC.Role(alpha,"team") |
---|
[5d06689] | 98 | role.role_add_data_term(param) |
---|
[5110d42] | 99 | p = ABAC.Role(joe) |
---|
| 100 | print "\n===good============ Alpha.team(proj2)<-?-Joe" |
---|
| 101 | out = ctxt.query(role,p) |
---|
| 102 | |
---|
| 103 | for c in out[1]: |
---|
| 104 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
| 105 | |
---|