[669b481] | 1 | #!/usr/bin/env python |
---|
| 2 | |
---|
| 3 | """ |
---|
[f824a9e] | 4 | See README in this directory for the semantics of the example. This file |
---|
| 5 | constructs the credentials described and puts copies into this directory |
---|
[669b481] | 6 | |
---|
| 7 | cmd1:env keystore=`pwd` ./attr.py |
---|
| 8 | """ |
---|
| 9 | |
---|
| 10 | import os |
---|
| 11 | import ABAC |
---|
| 12 | |
---|
| 13 | ctxt = ABAC.Context() |
---|
| 14 | print "ABAC version %s" % ctxt.version() |
---|
| 15 | |
---|
[f824a9e] | 16 | # Keystore is the directory containing the principal credentials. |
---|
| 17 | # Load existing principals and/or policy credentials |
---|
| 18 | if (os.environ.has_key("keystore")) : |
---|
| 19 | keystore=os.environ["keystore"] |
---|
| 20 | ctxt.load_directory(keystore) |
---|
[669b481] | 21 | |
---|
[f824a9e] | 22 | # retrieve principals' keyid value from local credential files |
---|
[669b481] | 23 | out = ctxt.context_principals() |
---|
| 24 | print "...initial principal set..." |
---|
| 25 | for x in out[1]: |
---|
| 26 | print "%s " % x.string() |
---|
| 27 | print "\n" |
---|
| 28 | |
---|
| 29 | out = ctxt.context_credentials() |
---|
| 30 | print "...initial policy attribute set..." |
---|
| 31 | for c in out[1]: |
---|
| 32 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
| 33 | print "\n" |
---|
| 34 | |
---|
| 35 | aliceID=ABAC.ID("Alice_ID.pem") |
---|
| 36 | aliceID.id_load_privkey_file("Alice_private.pem") |
---|
| 37 | alice=aliceID.id_keyid() |
---|
| 38 | |
---|
| 39 | partyID=ABAC.ID("Party_ID.pem") |
---|
| 40 | partyID.id_load_privkey_file("Party_private.pem") |
---|
| 41 | party=partyID.id_keyid() |
---|
| 42 | |
---|
| 43 | teaID=ABAC.ID("Tea_ID.pem") |
---|
| 44 | teaID.id_load_privkey_file("Tea_private.pem") |
---|
| 45 | tea=teaID.id_keyid() |
---|
| 46 | |
---|
| 47 | hatterID=ABAC.ID("Hatter_ID.pem") |
---|
| 48 | hatterID.id_load_privkey_file("Hatter_private.pem") |
---|
| 49 | hatter=hatterID.id_keyid() |
---|
| 50 | |
---|
| 51 | marchhareID=ABAC.ID("Marchhare_ID.pem") |
---|
| 52 | marchhareID.id_load_privkey_file("Marchhare_private.pem") |
---|
| 53 | marchhare=marchhareID.id_keyid() |
---|
| 54 | |
---|
| 55 | dormouseID=ABAC.ID("Dormouse_ID.pem") |
---|
| 56 | dormouseID.id_load_privkey_file("Dormouse_private.pem") |
---|
| 57 | dormouse=dormouseID.id_keyid() |
---|
| 58 | |
---|
| 59 | |
---|
| 60 | # can not have attribute string more than 382 characters or so |
---|
| 61 | # that would cause encoded attribute string more than 511 in length |
---|
| 62 | # and could not push/pull out of ietf_attribute_t properly |
---|
| 63 | ############################################### |
---|
[f824a9e] | 64 | # NOTE: space and '~' in string value |
---|
| 65 | # time value's optional ending |
---|
[669b481] | 66 | # [keyid:Party].role: about([keyid:tea],[time:20101010T],[boolean:true], |
---|
| 67 | # [integer:4],[float:-200.0],[float:8],[time:20120205T182930], |
---|
[f824a9e] | 68 | # [string:'a list'],[urn:'file://usr/party/~teaparty']) |
---|
[669b481] | 69 | # <- [keyid:Party].role:guestOf([keyid:MarchHare]) |
---|
| 70 | head=ABAC.Role(party,"about") |
---|
| 71 | param=ABAC.DataTerm(teaID) |
---|
| 72 | head.role_add_data_term(param) |
---|
| 73 | param=ABAC.DataTerm("time","20101010T") |
---|
| 74 | head.role_add_data_term(param) |
---|
| 75 | param=ABAC.DataTerm("boolean","true") |
---|
| 76 | head.role_add_data_term(param) |
---|
| 77 | param=ABAC.DataTerm("integer","4") |
---|
| 78 | head.role_add_data_term(param) |
---|
| 79 | param=ABAC.DataTerm("float","-200.0") |
---|
| 80 | head.role_add_data_term(param) |
---|
| 81 | param=ABAC.DataTerm("float","8") |
---|
| 82 | head.role_add_data_term(param) |
---|
| 83 | param=ABAC.DataTerm("time","20120205T182930") |
---|
| 84 | head.role_add_data_term(param) |
---|
[f824a9e] | 85 | param=ABAC.DataTerm("string","'a list'") |
---|
[669b481] | 86 | head.role_add_data_term(param) |
---|
| 87 | param=ABAC.DataTerm("urn","'file://usr/party/~teaparty'") |
---|
| 88 | head.role_add_data_term(param) |
---|
| 89 | tail=ABAC.Role(party,"guestOf") |
---|
| 90 | param=ABAC.DataTerm(marchhareID) |
---|
| 91 | tail.role_add_data_term(param) |
---|
| 92 | attr=ABAC.Attribute(head, 1800) |
---|
| 93 | attr.attribute_add_tail(tail) |
---|
| 94 | attr.attribute_bake() |
---|
| 95 | attr.attribute_write_cert("party_about_party__guestof_marchhare_attr.der") |
---|
| 96 | ctxt.load_attribute_file("party_about_party__guestof_marchhare_attr.der") |
---|
| 97 | print attr.string() |
---|
| 98 | print attr.typed_string() |
---|
| 99 | print "\n" |
---|
| 100 | |
---|
| 101 | ############################################### |
---|
[f824a9e] | 102 | # NOTE: anonymous parameter |
---|
| 103 | # Variable value for different parameter types |
---|
[669b481] | 104 | # [keyid:Party].role:about_other_party([keyid:tea],[?], |
---|
| 105 | # [integer:99],[time:?AAA],[integer:?BBB], |
---|
| 106 | # [boolean:true],[integer:?]) |
---|
| 107 | # <- [keyid:MarchHare] |
---|
| 108 | head=ABAC.Role(party,"about_other_party") |
---|
| 109 | param=ABAC.DataTerm(teaID) |
---|
| 110 | head.role_add_data_term(param) |
---|
| 111 | param=ABAC.DataTerm("anonymous","_") |
---|
| 112 | head.role_add_data_term(param) |
---|
| 113 | param=ABAC.DataTerm("integer","99") |
---|
| 114 | head.role_add_data_term(param) |
---|
| 115 | param=ABAC.DataTerm("time","AAA") |
---|
| 116 | head.role_add_data_term(param) |
---|
| 117 | param=ABAC.DataTerm("integer","BBB") |
---|
| 118 | head.role_add_data_term(param) |
---|
| 119 | param=ABAC.DataTerm("boolean","true") |
---|
| 120 | head.role_add_data_term(param) |
---|
| 121 | param=ABAC.DataTerm("integer","?") |
---|
| 122 | head.role_add_data_term(param) |
---|
| 123 | tail=ABAC.Role(marchhare) |
---|
| 124 | attr=ABAC.Attribute(head, 1800) |
---|
| 125 | attr.attribute_add_tail(tail) |
---|
| 126 | attr.attribute_bake() |
---|
| 127 | attr.attribute_write_cert("party_about_other_party__marchhare_attr.der") |
---|
| 128 | ctxt.load_attribute_file("party_about_other_party__marchhare_attr.der") |
---|
| 129 | print attr.string() |
---|
| 130 | print attr.typed_string() |
---|
| 131 | print "\n" |
---|
| 132 | |
---|
| 133 | ############################################### |
---|
| 134 | # [keyid:Party].role:about_string([string:'a confused party']) |
---|
| 135 | # <- [keyid:MarchHare] |
---|
| 136 | head=ABAC.Role(party,"about_string") |
---|
| 137 | param=ABAC.DataTerm("string","'a confused party'") |
---|
| 138 | head.role_add_data_term(param) |
---|
| 139 | tail=ABAC.Role(marchhare) |
---|
| 140 | attr=ABAC.Attribute(head, 1800) |
---|
| 141 | attr.attribute_add_tail(tail) |
---|
| 142 | attr.attribute_bake() |
---|
| 143 | attr.attribute_write_cert("party_about_string__marchhare_attr.der") |
---|
| 144 | ctxt.load_attribute_file("party_about_string__marchhare_attr.der") |
---|
| 145 | print attr.string() |
---|
| 146 | print attr.typed_string() |
---|
| 147 | print "\n" |
---|
| 148 | |
---|
| 149 | ############################################### |
---|
[f824a9e] | 150 | # NOTE: how to escape within a string value |
---|
[669b481] | 151 | # [keyid:Party].role:about_string2([string:'a mangled \\'string\\'']) |
---|
| 152 | # <- [keyid:MarchHare] |
---|
| 153 | head=ABAC.Role(party,"about_string2") |
---|
| 154 | param=ABAC.DataTerm("string","'a mangled \\'string\\''") |
---|
| 155 | head.role_add_data_term(param) |
---|
| 156 | tail=ABAC.Role(marchhare) |
---|
| 157 | attr=ABAC.Attribute(head, 1800) |
---|
| 158 | attr.attribute_add_tail(tail) |
---|
| 159 | attr.attribute_bake() |
---|
| 160 | attr.attribute_write_cert("party_about_string2__marchhare_attr.der") |
---|
| 161 | ctxt.load_attribute_file("party_about_string2__marchhare_attr.der") |
---|
| 162 | print attr.string() |
---|
| 163 | print attr.typed_string() |
---|
| 164 | print "\n" |
---|
| 165 | |
---|
| 166 | ############################################### |
---|
| 167 | # [keyid:Party].role:about_urn([urn:'file://user/local/party/~sillyparty']) |
---|
| 168 | # <- [keyid:MarchHare] |
---|
| 169 | head=ABAC.Role(party,"about_urn") |
---|
| 170 | param=ABAC.DataTerm("urn","'file://user/local/party/~sillyparty'") |
---|
| 171 | head.role_add_data_term(param) |
---|
| 172 | tail=ABAC.Role(marchhare) |
---|
| 173 | attr=ABAC.Attribute(head, 1800) |
---|
| 174 | attr.attribute_add_tail(tail) |
---|
| 175 | attr.attribute_bake() |
---|
| 176 | attr.attribute_write_cert("party_about_urn__marchhare_attr.der") |
---|
| 177 | ctxt.load_attribute_file("party_about_urn__marchhare_attr.der") |
---|
| 178 | print attr.string() |
---|
| 179 | print attr.typed_string() |
---|
| 180 | print "\n" |
---|
| 181 | |
---|
| 182 | ############################################### |
---|
| 183 | # [keyid:Party].role:about_another_float([float:0.22]) |
---|
| 184 | # <- [keyid:MarchHare] |
---|
| 185 | head=ABAC.Role(party,"about_another_float") |
---|
| 186 | param=ABAC.DataTerm("float","0.22") |
---|
| 187 | head.role_add_data_term(param) |
---|
| 188 | tail=ABAC.Role(marchhare) |
---|
| 189 | attr=ABAC.Attribute(head, 1800) |
---|
| 190 | attr.attribute_add_tail(tail) |
---|
| 191 | attr.attribute_bake() |
---|
| 192 | attr.attribute_write_cert("party_about_third_float__marchhare_attr.der") |
---|
| 193 | ctxt.load_attribute_file("party_about_third_float__marchhare_attr.der") |
---|
| 194 | print attr.string() |
---|
| 195 | print attr.typed_string() |
---|
| 196 | print "\n" |
---|
| 197 | |
---|
| 198 | ############################################### |
---|
| 199 | # [keyid:Party].role:about_another_float([float:8]) |
---|
| 200 | # <- [keyid:MarchHare] |
---|
| 201 | head=ABAC.Role(party,"about_another_float") |
---|
| 202 | param=ABAC.DataTerm("float","8") |
---|
| 203 | head.role_add_data_term(param) |
---|
| 204 | tail=ABAC.Role(marchhare) |
---|
| 205 | attr=ABAC.Attribute(head, 1800) |
---|
| 206 | attr.attribute_add_tail(tail) |
---|
| 207 | attr.attribute_bake() |
---|
| 208 | attr.attribute_write_cert("party_about_another_float__marchhare_attr.der") |
---|
| 209 | ctxt.load_attribute_file("party_about_another_float__marchhare_attr.der") |
---|
| 210 | print attr.string() |
---|
| 211 | print attr.typed_string() |
---|
| 212 | print "\n" |
---|
| 213 | |
---|
| 214 | ############################################### |
---|
| 215 | # [keyid:Party].role:about_float([float:-200.0]) |
---|
| 216 | # <- [keyid:MarchHare] |
---|
| 217 | head=ABAC.Role(party,"about_float") |
---|
| 218 | param=ABAC.DataTerm("float","-200.0") |
---|
| 219 | head.role_add_data_term(param) |
---|
| 220 | tail=ABAC.Role(marchhare) |
---|
| 221 | attr=ABAC.Attribute(head, 1800) |
---|
| 222 | attr.attribute_add_tail(tail) |
---|
| 223 | attr.attribute_bake() |
---|
| 224 | attr.attribute_write_cert("party_about_float__marchhare_attr.der") |
---|
| 225 | ctxt.load_attribute_file("party_about_float__marchhare_attr.der") |
---|
| 226 | print attr.string() |
---|
| 227 | print attr.typed_string() |
---|
| 228 | print "\n" |
---|
| 229 | |
---|
| 230 | ############################################### |
---|
| 231 | # [keyid:Party].role:about_another_integer([integer:-7]) |
---|
| 232 | # <- [keyid:MarchHare] |
---|
| 233 | head=ABAC.Role(party,"about_another_integer") |
---|
| 234 | param=ABAC.DataTerm("integer","-7") |
---|
| 235 | head.role_add_data_term(param) |
---|
| 236 | tail=ABAC.Role(marchhare) |
---|
| 237 | attr=ABAC.Attribute(head, 1800) |
---|
| 238 | attr.attribute_add_tail(tail) |
---|
| 239 | attr.attribute_bake() |
---|
| 240 | attr.attribute_write_cert("party_about_another_integer__marchhare_attr.der") |
---|
| 241 | ctxt.load_attribute_file("party_about_another_integer__marchhare_attr.der") |
---|
| 242 | print attr.string() |
---|
| 243 | print attr.typed_string() |
---|
| 244 | print "\n" |
---|
| 245 | |
---|
| 246 | ############################################### |
---|
| 247 | # [keyid:Party].role:about_integer([integer:4]) |
---|
| 248 | # <- [keyid:MarchHare] |
---|
| 249 | head=ABAC.Role(party,"about_integer") |
---|
| 250 | param=ABAC.DataTerm("integer","4") |
---|
| 251 | head.role_add_data_term(param) |
---|
| 252 | tail=ABAC.Role(marchhare) |
---|
| 253 | attr=ABAC.Attribute(head, 1800) |
---|
| 254 | attr.attribute_add_tail(tail) |
---|
| 255 | attr.attribute_bake() |
---|
| 256 | attr.attribute_write_cert("party_about_integer__marchhare_attr.der") |
---|
| 257 | ctxt.load_attribute_file("party_about_integer__marchhare_attr.der") |
---|
| 258 | print attr.string() |
---|
| 259 | print attr.typed_string() |
---|
| 260 | print "\n" |
---|
| 261 | |
---|
| 262 | ############################################### |
---|
| 263 | # [keyid:Party].role:about_boolean([boolean:true]) |
---|
| 264 | # <- [keyid:MarchHare] |
---|
| 265 | head=ABAC.Role(party,"about_boolean") |
---|
| 266 | param=ABAC.DataTerm("boolean","true") |
---|
| 267 | head.role_add_data_term(param) |
---|
| 268 | tail=ABAC.Role(marchhare) |
---|
| 269 | attr=ABAC.Attribute(head, 1800) |
---|
| 270 | attr.attribute_add_tail(tail) |
---|
| 271 | attr.attribute_bake() |
---|
| 272 | attr.attribute_write_cert("party_about_boolean__marchhare_attr.der") |
---|
| 273 | ctxt.load_attribute_file("party_about_boolean__marchhare_attr.der") |
---|
| 274 | print attr.string() |
---|
| 275 | print attr.typed_string() |
---|
| 276 | print "\n" |
---|
| 277 | |
---|
| 278 | ############################################### |
---|
| 279 | # [keyid:Party].role:about_key([keyid:tea]) |
---|
| 280 | # <- [keyid:MarchHare] |
---|
| 281 | head=ABAC.Role(party,"about_key") |
---|
| 282 | param=ABAC.DataTerm(teaID) |
---|
| 283 | head.role_add_data_term(param) |
---|
| 284 | tail=ABAC.Role(marchhare) |
---|
| 285 | attr=ABAC.Attribute(head, 1800) |
---|
| 286 | attr.attribute_add_tail(tail) |
---|
| 287 | attr.attribute_bake() |
---|
| 288 | attr.attribute_write_cert("party_about_key__marchhare_attr.der") |
---|
| 289 | ctxt.load_attribute_file("party_about_key__marchhare_attr.der") |
---|
| 290 | print attr.string() |
---|
| 291 | print attr.typed_string() |
---|
| 292 | print "\n" |
---|
| 293 | |
---|
| 294 | ############################################### |
---|
| 295 | # [keyid:Party].role:about_another_time([time:20201101T182930]) |
---|
| 296 | # <- [keyid:MarchHare] |
---|
| 297 | head=ABAC.Role(party,"about_another_time") |
---|
| 298 | param=ABAC.DataTerm("time","20201101T182930") |
---|
| 299 | head.role_add_data_term(param) |
---|
| 300 | tail=ABAC.Role(marchhare) |
---|
| 301 | attr=ABAC.Attribute(head, 1800) |
---|
| 302 | attr.attribute_add_tail(tail) |
---|
| 303 | attr.attribute_bake() |
---|
| 304 | attr.attribute_write_cert("party_about_another_time__marchhare_attr.der") |
---|
| 305 | ctxt.load_attribute_file("party_about_another_time__marchhare_attr.der") |
---|
| 306 | print attr.string() |
---|
| 307 | print attr.typed_string() |
---|
| 308 | print "\n" |
---|
| 309 | |
---|
| 310 | ############################################### |
---|
| 311 | # [keyid:Party].role:about_time([time:20201101T]) |
---|
| 312 | # <- [keyid:MarchHare] |
---|
| 313 | head=ABAC.Role(party,"about_time") |
---|
| 314 | param=ABAC.DataTerm("time","20201101T") |
---|
| 315 | head.role_add_data_term(param) |
---|
| 316 | tail=ABAC.Role(marchhare) |
---|
| 317 | attr=ABAC.Attribute(head, 1800) |
---|
| 318 | attr.attribute_add_tail(tail) |
---|
| 319 | attr.attribute_bake() |
---|
| 320 | attr.attribute_write_cert("party_about_time__marchhare_attr.der") |
---|
| 321 | ctxt.load_attribute_file("party_about_time__marchhare_attr.der") |
---|
| 322 | print attr.string() |
---|
| 323 | print attr.typed_string() |
---|
| 324 | print "\n" |
---|
| 325 | |
---|
| 326 | ############################################### |
---|
[f824a9e] | 327 | # NOTE: principal parameter type |
---|
[669b481] | 328 | # [keyid:Party].role:guestof([principal:?V]) |
---|
| 329 | # <- [keyid:Party].role:friendOf([principal:?V]) |
---|
| 330 | # |
---|
| 331 | head=ABAC.Role(party,"guestOf") |
---|
| 332 | param=ABAC.DataTerm("principal","V") |
---|
| 333 | head.role_add_data_term(param) |
---|
| 334 | tail=ABAC.Role(party,"friendOf") |
---|
| 335 | param=ABAC.DataTerm("principal","V") |
---|
| 336 | tail.role_add_data_term(param) |
---|
| 337 | attr=ABAC.Attribute(head, 1800) |
---|
| 338 | attr.attribute_add_tail(tail) |
---|
| 339 | attr.attribute_bake() |
---|
| 340 | attr.attribute_write_cert("party_guestof_qV__party_friendof_qV_attr.der") |
---|
| 341 | ctxt.load_attribute_file("party_guestof_qV__party_friendof_qV_attr.der") |
---|
| 342 | print attr.string() |
---|
| 343 | print attr.typed_string() |
---|
| 344 | print "\n" |
---|
| 345 | |
---|
| 346 | ############################################### |
---|
| 347 | # [keyid:Party].role:guests |
---|
| 348 | # <- [keyid:Party].role:friendOf([keyid:MarchHare]) |
---|
| 349 | # |
---|
| 350 | head=ABAC.Role(party,"guests") |
---|
| 351 | tail=ABAC.Role(party,"friendOf") |
---|
| 352 | param=ABAC.DataTerm(marchhareID) |
---|
| 353 | tail.role_add_data_term(param) |
---|
| 354 | attr=ABAC.Attribute(head, 1800) |
---|
| 355 | attr.attribute_add_tail(tail) |
---|
| 356 | attr.attribute_bake() |
---|
| 357 | attr.attribute_write_cert("party_guests__party_friendof_marchhare_attr.der") |
---|
| 358 | ctxt.load_attribute_file("party_guests__party_friendof_marchhare_attr.der") |
---|
| 359 | print attr.string() |
---|
| 360 | print attr.typed_string() |
---|
| 361 | print "\n" |
---|
| 362 | |
---|
| 363 | ############################################### |
---|
| 364 | # [keyid:Party].role:friendOf([keyid:MarchHare]) |
---|
| 365 | # <- [keyid:Dormouse] |
---|
| 366 | # |
---|
| 367 | head=ABAC.Role(party,"friendOf") |
---|
| 368 | param=ABAC.DataTerm(marchhareID) |
---|
| 369 | head.role_add_data_term(param) |
---|
| 370 | tail=ABAC.Role(dormouse) |
---|
| 371 | attr=ABAC.Attribute(head, 1800) |
---|
| 372 | attr.attribute_add_tail(tail) |
---|
| 373 | attr.attribute_bake() |
---|
| 374 | attr.attribute_write_cert("party_friendof_marchhare__dormouse_attr.der") |
---|
| 375 | ctxt.load_attribute_file("party_friendof_marchhare__dormouse_attr.der") |
---|
| 376 | print attr.string() |
---|
| 377 | print attr.typed_string() |
---|
| 378 | print "\n" |
---|
| 379 | |
---|
| 380 | ############################################### |
---|
[f824a9e] | 381 | # NOTE: named principal tail |
---|
[669b481] | 382 | # [keyid:Party].role:friendOf([keyid:Alice]) |
---|
| 383 | # <- [keyid:Hatter] |
---|
| 384 | # |
---|
| 385 | head=ABAC.Role(party,"friendOf") |
---|
| 386 | param=ABAC.DataTerm(aliceID) |
---|
| 387 | head.role_add_data_term(param) |
---|
| 388 | tail=ABAC.Role(hatter) |
---|
| 389 | attr=ABAC.Attribute(head, 1800) |
---|
| 390 | attr.attribute_add_tail(tail) |
---|
| 391 | attr.attribute_bake() |
---|
| 392 | attr.attribute_write_cert("party_friendof_alice__hatter_attr.der") |
---|
| 393 | ctxt.load_attribute_file("party_friendof_alice__hatter_attr.der") |
---|
| 394 | print attr.string() |
---|
| 395 | print attr.typed_string() |
---|
| 396 | print "\n" |
---|
| 397 | |
---|