| [be6cb41] | 1 | #!/usr/bin/env python |
|---|
| 2 | |
|---|
| 3 | """ |
|---|
| 4 | Run the queries described in README |
|---|
| 5 | |
|---|
| 6 | cmd:env keystore=`pwd` ./query.py |
|---|
| 7 | """ |
|---|
| 8 | |
|---|
| 9 | import os |
|---|
| 10 | import ABAC |
|---|
| 11 | |
|---|
| 12 | ctxt = ABAC.Context() |
|---|
| 13 | |
|---|
| 14 | # Keystore is the directory containing the principal credentials. |
|---|
| 15 | # Load existing principals and/or policy credentials |
|---|
| 16 | if (os.environ.has_key("keystore")) : |
|---|
| 17 | keystore=os.environ["keystore"] |
|---|
| 18 | ctxt.load_directory(keystore) |
|---|
| 19 | else: |
|---|
| 20 | print("keystore is not set...") |
|---|
| 21 | exit(1) |
|---|
| 22 | |
|---|
| 23 | # retrieve principals' keyid value from local credential files |
|---|
| 24 | acmeID=ABAC.ID("Acme_ID.pem"); |
|---|
| 25 | acmeID.load_privkey("Acme_private.pem"); |
|---|
| 26 | acme=acmeID.keyid() |
|---|
| 27 | |
|---|
| 28 | coyoteID=ABAC.ID("Coyote_ID.pem"); |
|---|
| 29 | coyoteID.load_privkey("Coyote_private.pem"); |
|---|
| 30 | coyote=coyoteID.keyid() |
|---|
| 31 | |
|---|
| 32 | warnerbrosID=ABAC.ID("WarnerBros_ID.pem"); |
|---|
| 33 | warnerbrosID.load_privkey("WarnerBros_private.pem"); |
|---|
| 34 | warnerbros=warnerbrosID.keyid() |
|---|
| 35 | |
|---|
| 36 | batmanID=ABAC.ID("Batman_ID.pem"); |
|---|
| 37 | batmanID.load_privkey("Batman_private.pem"); |
|---|
| 38 | batman=batmanID.keyid() |
|---|
| 39 | |
|---|
| 40 | ########################################################################## |
|---|
| 41 | # dump the loaded principals/policies |
|---|
| 42 | # |
|---|
| 43 | print "\n...policy attribute set..." |
|---|
| 44 | credentials = ctxt.credentials() |
|---|
| 45 | for credential in credentials: |
|---|
| 46 | print "context: %s <- %s" % (credential.head().string(), credential.tail().string()) |
|---|
| 47 | |
|---|
| 48 | ########################################################################## |
|---|
| 49 | # can coyote buy rockets from Acme ? |
|---|
| 50 | # role = "[keyid:Acme].role:buy_rockets" |
|---|
| 51 | # p = "[keyid:coyote]" |
|---|
| 52 | |
|---|
| 53 | print "\n===good============ Acme.buy_rockets <- Coyote" |
|---|
| 54 | (success, credentials) = ctxt.query("%s.buy_rockets" % acme, coyote) |
|---|
| 55 | if success: |
|---|
| 56 | print "success!" |
|---|
| 57 | else: |
|---|
| 58 | print "failure!" |
|---|
| 59 | for credential in credentials: |
|---|
| 60 | print "credential %s <- %s" % (credential.head().string(), credential.tail().string()) |
|---|
| 61 | |
|---|
| 62 | ########################################################################## |
|---|
| 63 | # can batman buy rockets from Acme ? |
|---|
| 64 | # role = "[keyid:Acme].role:buy_rockets" |
|---|
| 65 | # p = "[keyid:batman]" |
|---|
| 66 | |
|---|
| 67 | print "\n===bad============ Acme.buy_rockets <- Batman" |
|---|
| 68 | (success, credentials) = ctxt.query("%s.buy_rockets" % acme, batman) |
|---|
| 69 | if success: |
|---|
| 70 | print "success!" |
|---|
| 71 | else: |
|---|
| 72 | print "failure!" |
|---|
| 73 | for credential in credentials: |
|---|
| 74 | print "credential %s <- %s" % (credential.head().string(), credential.tail().string()) |
|---|
