| 1 | #!/usr/bin/env python |
|---|
| 2 | |
|---|
| 3 | """ |
|---|
| 4 | Run the queries described in README |
|---|
| 5 | |
|---|
| 6 | cmd1:env keystore=`pwd` ./query.py |
|---|
| 7 | cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py |
|---|
| 8 | |
|---|
| 9 | """ |
|---|
| 10 | |
|---|
| 11 | import os |
|---|
| 12 | import ABAC |
|---|
| 13 | |
|---|
| 14 | ctxt = ABAC.Context() |
|---|
| 15 | ctxt.set_no_partial_proof() |
|---|
| 16 | |
|---|
| 17 | # Keystore is the directory containing the principal credentials. |
|---|
| 18 | # Load existing principals and/or policy credentials |
|---|
| 19 | if (os.environ.has_key("keystore")) : |
|---|
| 20 | keystore=os.environ["keystore"] |
|---|
| 21 | ctxt.load_directory(keystore) |
|---|
| 22 | else: |
|---|
| 23 | print("keystore is not set...") |
|---|
| 24 | exit(1) |
|---|
| 25 | |
|---|
| 26 | # retrieve principals' keyid value from local credential files |
|---|
| 27 | acmeID=ABAC.ID("Acme_ID.pem"); |
|---|
| 28 | acmeID.id_load_privkey_file("Acme_private.pem"); |
|---|
| 29 | acme=acmeID.id_keyid() |
|---|
| 30 | |
|---|
| 31 | coyoteID=ABAC.ID("Coyote_ID.pem"); |
|---|
| 32 | coyoteID.id_load_privkey_file("Coyote_private.pem"); |
|---|
| 33 | coyote=coyoteID.id_keyid() |
|---|
| 34 | |
|---|
| 35 | ########################################################################## |
|---|
| 36 | # dump the loaded principals/policies |
|---|
| 37 | # |
|---|
| 38 | out = ctxt.context_principals() |
|---|
| 39 | print "\n...final principal set..." |
|---|
| 40 | for x in out[1]: |
|---|
| 41 | print "%s " % x.string() |
|---|
| 42 | out = ctxt.context_credentials() |
|---|
| 43 | print "\n...final policy attribute set..." |
|---|
| 44 | for c in out[1]: |
|---|
| 45 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
|---|
| 46 | |
|---|
| 47 | def get_next(ctxt) : |
|---|
| 48 | while(1) : |
|---|
| 49 | print ("\nnext proof:") |
|---|
| 50 | (success, out) = ctxt.next_proof() |
|---|
| 51 | if(success) : |
|---|
| 52 | for c in out: |
|---|
| 53 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
|---|
| 54 | else: |
|---|
| 55 | print("no more..\n") |
|---|
| 56 | return |
|---|
| 57 | |
|---|
| 58 | ########################################################################## |
|---|
| 59 | # can coyote buy rockets from Acme ? |
|---|
| 60 | # role=[keyid:Acme].role:buy_rockets |
|---|
| 61 | # p =[keyid:coyote] |
|---|
| 62 | role = ABAC.Role(acme,"buy_rockets") |
|---|
| 63 | p = ABAC.Role(coyote) |
|---|
| 64 | print "\n===good============ Acme.buy_rockets <- Coyote" |
|---|
| 65 | out = ctxt.query(role, p) |
|---|
| 66 | for c in out[1]: |
|---|
| 67 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
|---|
| 68 | get_next(ctxt) |
|---|
| 69 | |
|---|
| 70 | ########################################################################## |
|---|
| 71 | # is coyote a preferred_customer of Acme ? |
|---|
| 72 | # role=[keyid:Acme].role:preferred_customer |
|---|
| 73 | # p =[keyid:coyote] |
|---|
| 74 | role = ABAC.Role(acme,"preferred_customer") |
|---|
| 75 | p = ABAC.Role(coyote) |
|---|
| 76 | print "\n===good============ Acme.preferred_customer <- Coyote" |
|---|
| 77 | out = ctxt.query(role, p) |
|---|
| 78 | for c in out[1]: |
|---|
| 79 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
|---|
| 80 | get_next(ctxt) |
|---|
| 81 | |
|---|
| 82 | ########################################################################## |
|---|
| 83 | # is Acme a friend of coyote ? |
|---|
| 84 | # role=[keyid:Coyote].role:friend |
|---|
| 85 | # p=[keyid:Acme] |
|---|
| 86 | role = ABAC.Role(coyote,"friend") |
|---|
| 87 | p = ABAC.Role(acme) |
|---|
| 88 | print "\n===bad=============== Coyote.friend <- Acme" |
|---|
| 89 | out = ctxt.query(role, p) |
|---|
| 90 | for c in out[1]: |
|---|
| 91 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
|---|
| 92 | get_next(ctxt) |
|---|
