#!/usr/bin/env python """ to test with python cmd1:env keystore=`pwd` ./query.py cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py """ import os import ABAC # Run the queries described in README ctxt = ABAC.Context() # print "ABAC version %s" % ctxt.version() # If a keystore is given in the environment, pre-load those credentials keystore=os.environ["keystore"] ctxt.load_directory(keystore) # Load the principals created in ./attr.py and ./setup.py. Each has an # identity and private key. alphaID=ABAC.ID("Alpha_ID.pem"); alphaID.id_load_privkey_file("Alpha_private.pem"); #ctxt.load_id(alphaID) alpha=alphaID.id_keyid() bobID=ABAC.ID("Bob_ID.pem"); bobID.id_load_privkey_file("Bob_private.pem"); #ctxt.load_id(bobID) bob=bobID.id_keyid() joeID=ABAC.ID("Joe_ID.pem"); joeID.id_load_privkey_file("Joe_private.pem"); joe=joeID.id_keyid() # Construct and run the queries. In each case we create a role object and a # principal and call the query method on the context. The contents of the # proof are printed for successful queries. # role is the role to look for # p is the principal to check. ########################################################################## # role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA']) # p = "[keyid:bob]" param1=ABAC.DataTerm("string", "'Read'") param2=ABAC.DataTerm("urn","'file//fileA'") role = ABAC.Role(alpha,"access") role.role_add_data_term(param1) role.role_add_data_term(param2) p = ABAC.Role(bob) print "\n===good============ Alpha.access(Read,fileA)<-?-Bob" out = ctxt.query(role, p) for c in out[1]: print "%s <- %s" % (c.head_string(), c.tail_string()) ########################################################################## # role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA']) # p = "[keyid:joe]" param1=ABAC.DataTerm("string", "'Read'") param2=ABAC.DataTerm("urn","'file//fileA'") role = ABAC.Role(alpha,"access") role.role_add_data_term(param1) role.role_add_data_term(param2) p = ABAC.Role(joe) print "\n===bad============ Alpha.access(Read,fileA)<-?-Joe" out = ctxt.query(role,p) for c in out[1]: print "%s <- %s" % (c.head_string(), c.tail_string()) ########################################################################## # role =[keyid:alpha].role:team([string:'proj2']) # p = "[keyid:joe]" param=ABAC.DataTerm("string", "'proj2'") role = ABAC.Role(alpha,"team") role.role_add_data_term(param) p = ABAC.Role(joe) print "\n===good============ Alpha.team(proj2)<-?-Joe" out = ctxt.query(role,p) for c in out[1]: print "%s <- %s" % (c.head_string(), c.tail_string()) ########################################################################## # dump the loaded principals/policies # out = ctxt.context_principals() print "\n...final principal set..." for x in out[1]: print "%s " % x.string() print "\n" out = ctxt.context_credentials() print "\n...final policy attribute set..." for c in out[1]: print "%s <- %s" % (c.head_string(), c.tail_string()) print "\n"