source: examples/python_tests/acme_rockets_intersection_rt0/attr.py @ abf8d5d

#!/usr/bin/env python

"""
See README in this directory for the semantics of the example.  This file
constructs the credentials described and puts copies into this directory

cmd1:env keystore=`pwd` ./attr.py 
"""
import os
import ABAC

ctxt = ABAC.Context()
print "ABAC version %s" % ctxt.version()

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials
if (os.environ.has_key("keystore")) :
    keystore=os.environ["keystore"]
    ctxt.load_directory(keystore)

# retrieve principals' keyid value from local credential files
acmeID=ABAC.ID("Acme_ID.pem");
acmeID.id_load_privkey_file("Acme_private.pem");
ctxt.load_id(acmeID)
acme=acmeID.id_keyid()

coyoteID=ABAC.ID("Coyote_ID.pem");
coyoteID.id_load_privkey_file("Coyote_private.pem");
ctxt.load_id(coyoteID)
coyote=coyoteID.id_keyid()

warnerbrosID=ABAC.ID("WarnerBros_ID.pem");
warnerbrosID.id_load_privkey_file("WarnerBros_private.pem");
ctxt.load_id(warnerbrosID)
warnerbros=warnerbrosID.id_keyid()

batmanID=ABAC.ID("Batman_ID.pem");
batmanID.id_load_privkey_file("Batman_private.pem");
ctxt.load_id(batmanID)
batman=batmanID.id_keyid()


################################################
# Credential 1, establish the intersection rule on who can buy
# rockets from Acme
#[keyid:Acme].role:buy_rockets <- [keyid:Acme].role:preferred_customer 
#                                    & [keyid:WarnerBros].role:charater
head = ABAC.Role(acme,"buy_rockets")
tail1 = ABAC.Role(acme,"preferred_customer")
tail2 = ABAC.Role(warnerbros,"character")
attr=ABAC.Attribute(head, 1800)

# to add intersection, just add multiple tails, make sure they are all
# roles or all osets
attr.attribute_add_tail(tail1)
attr.attribute_add_tail(tail2)

# finalize the rule
attr.attribute_bake()

# save it out as external credential file
attr.attribute_write_cert("Acme_buy_rockets__Acme_preferred_customer_and_WarnerBros_character_attr.der")

# load it into context from the just created credential file
ctxt.load_attribute_file("Acme_buy_rockets__Acme_preferred_customer_and_WarnerBros_character_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

#################################################
# Credential 2
#[keyid:Acme].role:preferred_customer <- [keyid:Coyote]
head = ABAC.Role(acme,"preferred_customer")
tail = ABAC.Role(coyote)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Acme_preferred_customer__Coyote_attr.der")
ctxt.load_attribute_file("Acme_preferred_customer__Coyote_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

#################################################
# Credential 3
#[keyid:Acme].role:preferred_customer <- [keyid:Batman]
head = ABAC.Role(acme,"preferred_customer")
tail = ABAC.Role(batman)
attr=ABAC.Attribute(head,1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Acme_preferred_customer__Batman_attr.der")
ctxt.load_attribute_file("Acme_preferred_customer__Batman_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"


################################################
# Credential 4
#[keyid:WarnerBros].role:character <- [keyid:Coyote]
head=ABAC.Role(warnerbros,"character")
tail = ABAC.Role(coyote)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("WarnerBros_character__Coyote_attr.der")

# demonstrate how attribute can be load from structure insted of a file
ctxt.load_attribute(attr)
print attr.string() 
print attr.typed_string()
print "\n"