1 | #!/usr/bin/env python |
---|
2 | |
---|
3 | """ |
---|
4 | to test with python |
---|
5 | |
---|
6 | cmd1:env keystore=`pwd` ./query.py |
---|
7 | cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py |
---|
8 | |
---|
9 | """ |
---|
10 | |
---|
11 | import os |
---|
12 | import ABAC |
---|
13 | |
---|
14 | # Run the queries described in README |
---|
15 | |
---|
16 | ctxt = ABAC.Context() |
---|
17 | |
---|
18 | # print "ABAC version %s" % ctxt.version() |
---|
19 | |
---|
20 | # If a keystore is given in the environment, pre-load those credentials |
---|
21 | keystore=os.environ["keystore"] |
---|
22 | |
---|
23 | ctxt.load_directory(keystore) |
---|
24 | |
---|
25 | # Load the principals created in ./attr.py and ./setup.py. Each has an |
---|
26 | # identity and private key. |
---|
27 | alphaID=ABAC.ID("Alpha_ID.pem"); |
---|
28 | alphaID.id_load_privkey_file("Alpha_private.pem"); |
---|
29 | #ctxt.load_id(alphaID) |
---|
30 | alpha=alphaID.id_keyid() |
---|
31 | |
---|
32 | bobID=ABAC.ID("Bob_ID.pem"); |
---|
33 | bobID.id_load_privkey_file("Bob_private.pem"); |
---|
34 | #ctxt.load_id(bobID) |
---|
35 | bob=bobID.id_keyid() |
---|
36 | |
---|
37 | joeID=ABAC.ID("Joe_ID.pem"); |
---|
38 | joeID.id_load_privkey_file("Joe_private.pem"); |
---|
39 | joe=joeID.id_keyid() |
---|
40 | |
---|
41 | # Construct and run the queries. In each case we create a role object and a |
---|
42 | # principal and call the query method on the context. The contents of the |
---|
43 | # proof are printed for successful queries. |
---|
44 | # role is the role to look for |
---|
45 | # p is the principal to check. |
---|
46 | ########################################################################## |
---|
47 | # role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA']) |
---|
48 | # p = "[keyid:bob]" |
---|
49 | param1=ABAC.DataTerm("string", "'Read'") |
---|
50 | param2=ABAC.DataTerm("urn","'file//fileA'") |
---|
51 | role = ABAC.Role(alpha,"access") |
---|
52 | role.role_add_data_term(param1) |
---|
53 | role.role_add_data_term(param2) |
---|
54 | |
---|
55 | p = ABAC.Role(bob) |
---|
56 | print "\n===good============ Alpha.access(Read,fileA)<-?-Bob" |
---|
57 | out = ctxt.query(role, p) |
---|
58 | |
---|
59 | for c in out[1]: |
---|
60 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
61 | |
---|
62 | ########################################################################## |
---|
63 | # role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA']) |
---|
64 | # p = "[keyid:joe]" |
---|
65 | param1=ABAC.DataTerm("string", "'Read'") |
---|
66 | param2=ABAC.DataTerm("urn","'file//fileA'") |
---|
67 | role = ABAC.Role(alpha,"access") |
---|
68 | role.role_add_data_term(param1) |
---|
69 | role.role_add_data_term(param2) |
---|
70 | p = ABAC.Role(joe) |
---|
71 | |
---|
72 | print "\n===bad============ Alpha.access(Read,fileA)<-?-Joe" |
---|
73 | out = ctxt.query(role,p) |
---|
74 | |
---|
75 | for c in out[1]: |
---|
76 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
77 | |
---|
78 | |
---|
79 | ########################################################################## |
---|
80 | # role =[keyid:alpha].role:team([string:'proj2']) |
---|
81 | # p = "[keyid:joe]" |
---|
82 | param=ABAC.DataTerm("string", "'proj2'") |
---|
83 | role = ABAC.Role(alpha,"team") |
---|
84 | role.role_add_data_term(param) |
---|
85 | p = ABAC.Role(joe) |
---|
86 | print "\n===good============ Alpha.team(proj2)<-?-Joe" |
---|
87 | out = ctxt.query(role,p) |
---|
88 | |
---|
89 | for c in out[1]: |
---|
90 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
91 | |
---|
92 | |
---|
93 | ########################################################################## |
---|
94 | # dump the loaded principals/policies |
---|
95 | # |
---|
96 | out = ctxt.context_principals() |
---|
97 | print "\n...final principal set..." |
---|
98 | for x in out[1]: |
---|
99 | print "%s " % x.string() |
---|
100 | print "\n" |
---|
101 | out = ctxt.context_credentials() |
---|
102 | print "\n...final policy attribute set..." |
---|
103 | for c in out[1]: |
---|
104 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
105 | print "\n" |
---|
106 | |
---|