| 1 | #!/usr/bin/env python |
|---|
| 2 | |
|---|
| 3 | """ |
|---|
| 4 | to test with python |
|---|
| 5 | |
|---|
| 6 | cmd1:env keystore=`pwd` ./query.py |
|---|
| 7 | cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py |
|---|
| 8 | |
|---|
| 9 | """ |
|---|
| 10 | |
|---|
| 11 | import os |
|---|
| 12 | import ABAC |
|---|
| 13 | |
|---|
| 14 | ctxt = ABAC.Context() |
|---|
| 15 | |
|---|
| 16 | # print "ABAC version %s" % ctxt.version() |
|---|
| 17 | |
|---|
| 18 | keystore=os.environ["keystore"] |
|---|
| 19 | |
|---|
| 20 | ctxt.load_directory(keystore) |
|---|
| 21 | |
|---|
| 22 | alphaID=ABAC.ID("Alpha_ID.pem"); |
|---|
| 23 | alphaID.load_privkey("Alpha_private.pem"); |
|---|
| 24 | #ctxt.load_id(alphaID) |
|---|
| 25 | alpha=alphaID.keyid() |
|---|
| 26 | |
|---|
| 27 | bobID=ABAC.ID("Bob_ID.pem"); |
|---|
| 28 | bobID.load_privkey("Bob_private.pem"); |
|---|
| 29 | #ctxt.load_id(bobID) |
|---|
| 30 | bob=bobID.keyid() |
|---|
| 31 | |
|---|
| 32 | joeID=ABAC.ID("Joe_ID.pem"); |
|---|
| 33 | joeID.load_privkey("Joe_private.pem"); |
|---|
| 34 | joe=joeID.keyid() |
|---|
| 35 | |
|---|
| 36 | |
|---|
| 37 | ########################################################################## |
|---|
| 38 | # role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA']) |
|---|
| 39 | # p = "[keyid:bob]" |
|---|
| 40 | param1=ABAC.DataTerm("string", "'Read'") |
|---|
| 41 | param2=ABAC.DataTerm("urn","'file//fileA'") |
|---|
| 42 | role = ABAC.Role(alpha,"access") |
|---|
| 43 | role.add_data_term(param1) |
|---|
| 44 | role.add_data_term(param2) |
|---|
| 45 | p = ABAC.Role(bob) |
|---|
| 46 | |
|---|
| 47 | print "\n===good============ Alpha.access(Read,fileA)<-?-Bob" |
|---|
| 48 | out = ctxt.query(role, p) |
|---|
| 49 | |
|---|
| 50 | for c in out[1]: |
|---|
| 51 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
|---|
| 52 | |
|---|
| 53 | ########################################################################## |
|---|
| 54 | # role =[keyid:alpha].role:access([string:'Read'],[urn:'file//fileA']) |
|---|
| 55 | # p = "[keyid:joe]" |
|---|
| 56 | param1=ABAC.DataTerm("string", "'Read'") |
|---|
| 57 | param2=ABAC.DataTerm("urn","'file//fileA'") |
|---|
| 58 | role = ABAC.Role(alpha,"access") |
|---|
| 59 | role.add_data_term(param1) |
|---|
| 60 | role.add_data_term(param2) |
|---|
| 61 | p = ABAC.Role(joe) |
|---|
| 62 | |
|---|
| 63 | print "\n===bad============ Alpha.access(Read,fileA)<-?-Joe" |
|---|
| 64 | out = ctxt.query(role,p) |
|---|
| 65 | |
|---|
| 66 | for c in out[1]: |
|---|
| 67 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
|---|
| 68 | |
|---|
| 69 | |
|---|
| 70 | ########################################################################## |
|---|
| 71 | # role =[keyid:alpha].role:team([string:'proj2']) |
|---|
| 72 | # p = "[keyid:joe]" |
|---|
| 73 | param=ABAC.DataTerm("string", "'proj2'") |
|---|
| 74 | role = ABAC.Role(alpha,"team") |
|---|
| 75 | role.add_data_term(param) |
|---|
| 76 | p = ABAC.Role(joe) |
|---|
| 77 | print "\n===good============ Alpha.team(proj2)<-?-Joe" |
|---|
| 78 | out = ctxt.query(role,p) |
|---|
| 79 | |
|---|
| 80 | for c in out[1]: |
|---|
| 81 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
|---|
| 82 | |
|---|
