#!/usr/bin/env python

"""
See README in this directory for the semantics of the example.  This file
constructs the credentials described and puts copies into this directory

cmd1:env keystore=`pwd` ./attr.py 
"""
import os
import ABAC

ctxt = ABAC.Context()
print "ABAC version %s" % ctxt.version()

# retrieve principals' keyid value from local credential files
acmeID=ABAC.ID("Acme_ID.pem");
acmeID.id_load_privkey_file("Acme_private.pem");
ctxt.load_id(acmeID)
acme=acmeID.id_keyid()

coyoteID=ABAC.ID("Coyote_ID.pem");
coyoteID.id_load_privkey_file("Coyote_private.pem");
ctxt.load_id(coyoteID)
coyote=coyoteID.id_keyid()

################################################
# Credential 1, only preferred_customer of Acme can buy_rockets
#[keyid:Acme].role:buy_rockets <- [keyid:Acme].role:preferred_customer
head = ABAC.Role(acme,"buy_rockets")
tail = ABAC.Role(acme,"preferred_customer")

# compose the attribute of a basic rt0 role rule
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)

# finalize the policy
attr.attribute_bake()

# create a policy file at the file system
attr.attribute_write_cert("Acme_buy_rockets__Acme_preferred_customer_attr.der")

# load the policy into current context by with the newly created policy file
ctxt.load_attribute_file("Acme_buy_rockets__Acme_preferred_customer_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"

#################################################
# Credential 2
#[keyid:Acme].role:preferred_customer <- [keyid:Coyote]
head = ABAC.Role(acme,"preferred_customer")
tail = ABAC.Role(coyote)
attr=ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("Acme_preferred_customer__Coyote_attr.der")
ctxt.load_attribute_file("Acme_preferred_customer__Coyote_attr.der")
print attr.string() 
print attr.typed_string()
print "\n"