#!/usr/bin/env python

"""
Run the queries described in README

cmd: env keystore=`pwd` ./query.py

"""

import os
import ABAC

ctxt = ABAC.Context()

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials
if (os.environ.has_key("keystore")) :
    keystore=os.environ["keystore"]
    ctxt.load_directory(keystore)
else:
    print("keystore is not set...")
    exit(1)

# retrieve principals' keyid value from local credential files
acmeID=ABAC.ID("Acme_ID.pem");
acmeID.load_privkey("Acme_private.pem");
acme=acmeID.keyid()

coyoteID=ABAC.ID("Coyote_ID.pem");
coyoteID.load_privkey("Coyote_private.pem");
coyote=coyoteID.keyid()

bigbirdID=ABAC.ID("Bigbird_ID.pem");
bigbirdID.load_privkey("Bigbird_private.pem");
bigbird=bigbirdID.keyid()

##########################################################################
# dump the loaded attribute policies
#
print "\n...policy attribute set..."
credentials = ctxt.credentials()
for credential in credentials:
    print "context: %s <- %s" % (credential.head().string(), credential.tail().string())

##########################################################################
# is coyote a preferred_customer of Acme ?
# role=[keyid:Acme].role:preferred_customer
# p =[keyid:coyote]

print "\n===good============ Acme.preferred_customer <- Coyote"
(success, credentials) = ctxt.query("%s.preferred_customer" % acme, coyote)
if success:
    print "success!"
else:
    print "failure!"
for credential in credentials:
    print "credential %s <- %s" % (credential.head().string(), credential.tail().string())

##########################################################################
# can coyote buy rockets from Acme ?
# role=[keyid:Acme].role:buy_rockets
# p =[keyid:coyote]

print "\n===good============ Acme.buy_rockets <- Coyote"
(success, credentials) = ctxt.query("%s.buy_rockets" % acme, coyote)
if success:
    print "success!"
else:
    print "failure!"
for credential in credentials:
    print "credential %s <- %s" % (credential.head().string(), credential.tail().string())

##########################################################################
# is Acme a friend of coyote ?
# role=[keyid:Coyote].role:friend
# p=[keyid:Acme] 

print "\n===bad=============== Coyote.friend <- Acme"
(success, credentials) = ctxt.query("%s.friend" % coyote, acme)
if success:
    print "success!"
else:
    print "failure!"
for credential in credentials:
    print "credential %s <- %s" % (credential.head().string(), credential.tail().string())

##########################################################################
# using complex role to ask a question.. expecting to fail 
# role=[keyid:Acme].role:buy_rockets 
# p=[keyid:Acme].role:preferred_customer

print "\n===bad?=============== Acme.buy_rockets <- Acme.preferred_customer"
(success, credentials) = ctxt.query("%s.buy_rockets" % acme, "%s.preferred_customer" % acme)
if success:
    print "success!"
else:
    print "failure!"
for credential in credentials:
    print "credential %s <- %s" % (credential.head().string(), credential.tail().string())