source: examples/python_tests/acme_rockets_rt0/query.py @ c00fcc3

abac0-leakabac0-meimei-idmei-rt0-nmei_rt0tvf-new-xml
Last change on this file since c00fcc3 was be6cb41, checked in by Mei <mei@…>, 12 years ago

1) forgot to add the new files
  • Property mode set to 100755
File size: 3.0 KB
Line 
1#!/usr/bin/env python
2
3"""
4Run the queries described in README
5
6cmd: env keystore=`pwd` ./query.py
7
8"""
9
10import os
11import ABAC
12
13ctxt = ABAC.Context()
14
15# Keystore is the directory containing the principal credentials.
16# Load existing principals and/or policy credentials
17if (os.environ.has_key("keystore")) :
18    keystore=os.environ["keystore"]
19    ctxt.load_directory(keystore)
20else:
21    print("keystore is not set...")
22    exit(1)
23
24# retrieve principals' keyid value from local credential files
25acmeID=ABAC.ID("Acme_ID.pem");
26acmeID.load_privkey("Acme_private.pem");
27acme=acmeID.keyid()
28
29coyoteID=ABAC.ID("Coyote_ID.pem");
30coyoteID.load_privkey("Coyote_private.pem");
31coyote=coyoteID.keyid()
32
33bigbirdID=ABAC.ID("Bigbird_ID.pem");
34bigbirdID.load_privkey("Bigbird_private.pem");
35bigbird=bigbirdID.keyid()
36
37##########################################################################
38# dump the loaded attribute policies
39#
40print "\n...policy attribute set..."
41credentials = ctxt.credentials()
42for credential in credentials:
43    print "context: %s <- %s" % (credential.head().string(), credential.tail().string())
44
45##########################################################################
46# is coyote a preferred_customer of Acme ?
47# role=[keyid:Acme].role:preferred_customer
48# p =[keyid:coyote]
49
50print "\n===good============ Acme.preferred_customer <- Coyote"
51(success, credentials) = ctxt.query("%s.preferred_customer" % acme, coyote)
52if success:
53    print "success!"
54else:
55    print "failure!"
56for credential in credentials:
57    print "credential %s <- %s" % (credential.head().string(), credential.tail().string())
58
59##########################################################################
60# can coyote buy rockets from Acme ?
61# role=[keyid:Acme].role:buy_rockets
62# p =[keyid:coyote]
63
64print "\n===good============ Acme.buy_rockets <- Coyote"
65(success, credentials) = ctxt.query("%s.buy_rockets" % acme, coyote)
66if success:
67    print "success!"
68else:
69    print "failure!"
70for credential in credentials:
71    print "credential %s <- %s" % (credential.head().string(), credential.tail().string())
72
73##########################################################################
74# is Acme a friend of coyote ?
75# role=[keyid:Coyote].role:friend
76# p=[keyid:Acme]
77
78print "\n===bad=============== Coyote.friend <- Acme"
79(success, credentials) = ctxt.query("%s.friend" % coyote, acme)
80if success:
81    print "success!"
82else:
83    print "failure!"
84for credential in credentials:
85    print "credential %s <- %s" % (credential.head().string(), credential.tail().string())
86
87##########################################################################
88# using complex role to ask a question.. expecting to fail
89# role=[keyid:Acme].role:buy_rockets
90# p=[keyid:Acme].role:preferred_customer
91
92print "\n===bad?=============== Acme.buy_rockets <- Acme.preferred_customer"
93(success, credentials) = ctxt.query("%s.buy_rockets" % acme, "%s.preferred_customer" % acme)
94if success:
95    print "success!"
96else:
97    print "failure!"
98for credential in credentials:
99    print "credential %s <- %s" % (credential.head().string(), credential.tail().string())
Note: See TracBrowser for help on using the repository browser.