[669b481] | 1 | #!/usr/bin/env python |
---|
| 2 | |
---|
| 3 | """ |
---|
[f824a9e] | 4 | Run the queries described in README |
---|
[669b481] | 5 | |
---|
| 6 | cmd1:env keystore=`pwd` ./query.py |
---|
| 7 | cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py |
---|
| 8 | |
---|
| 9 | """ |
---|
| 10 | |
---|
| 11 | import os |
---|
| 12 | import ABAC |
---|
| 13 | |
---|
| 14 | ctxt = ABAC.Context() |
---|
[646e57e] | 15 | ctxt.set_no_partial_proof() |
---|
[669b481] | 16 | |
---|
[f824a9e] | 17 | # Keystore is the directory containing the principal credentials. |
---|
| 18 | # Load existing principals and/or policy credentials |
---|
| 19 | if (os.environ.has_key("keystore")) : |
---|
| 20 | keystore=os.environ["keystore"] |
---|
| 21 | ctxt.load_directory(keystore) |
---|
| 22 | else: |
---|
| 23 | print("keystore is not set...") |
---|
| 24 | exit(1) |
---|
[669b481] | 25 | |
---|
[f824a9e] | 26 | # retrieve principals' keyid value from local credential files |
---|
[669b481] | 27 | aliceID=ABAC.ID("Alice_ID.pem") |
---|
| 28 | aliceID.id_load_privkey_file("Alice_private.pem") |
---|
| 29 | alice=aliceID.id_keyid() |
---|
| 30 | |
---|
| 31 | partyID=ABAC.ID("Party_ID.pem") |
---|
| 32 | partyID.id_load_privkey_file("Party_private.pem") |
---|
| 33 | party=partyID.id_keyid() |
---|
| 34 | |
---|
| 35 | teaID=ABAC.ID("Tea_ID.pem") |
---|
| 36 | teaID.id_load_privkey_file("Tea_private.pem") |
---|
| 37 | tea=teaID.id_keyid() |
---|
| 38 | |
---|
| 39 | hatterID=ABAC.ID("Hatter_ID.pem") |
---|
| 40 | hatterID.id_load_privkey_file("Hatter_private.pem") |
---|
| 41 | hatter=hatterID.id_keyid() |
---|
| 42 | |
---|
| 43 | marchhareID=ABAC.ID("Marchhare_ID.pem") |
---|
| 44 | marchhareID.id_load_privkey_file("Marchhare_private.pem") |
---|
| 45 | marchhare=marchhareID.id_keyid() |
---|
| 46 | |
---|
| 47 | dormouseID=ABAC.ID("Dormouse_ID.pem") |
---|
| 48 | dormouseID.id_load_privkey_file("Dormouse_private.pem") |
---|
| 49 | dormouse=dormouseID.id_keyid() |
---|
| 50 | |
---|
[f824a9e] | 51 | ########################################################################## |
---|
| 52 | # dump the loaded principals/policies |
---|
| 53 | # |
---|
| 54 | out = ctxt.context_principals() |
---|
| 55 | print "\n...final principal set..." |
---|
| 56 | for x in out[1]: |
---|
| 57 | print "%s " % x.string() |
---|
| 58 | out = ctxt.context_credentials() |
---|
| 59 | print "\n...final policy attribute set..." |
---|
| 60 | for c in out[1]: |
---|
| 61 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
[669b481] | 62 | |
---|
| 63 | ########################################################################## |
---|
[f824a9e] | 64 | # can dormouse be a guest at the party ? |
---|
[669b481] | 65 | # role=[keyid:Party].role:guests |
---|
| 66 | # p=[keyid:dormouse] |
---|
| 67 | role = ABAC.Role(party,"guests") |
---|
| 68 | p = ABAC.Role(dormouse) |
---|
| 69 | print "\n===good============ Party.guests <- dourmouse" |
---|
| 70 | out = ctxt.query(role, p) |
---|
| 71 | for c in out[1]: |
---|
| 72 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
| 73 | |
---|
| 74 | ########################################################################## |
---|
[f824a9e] | 75 | # can hatter be a guest at the party ? |
---|
[669b481] | 76 | # role=[keyid:Party].role:guests |
---|
| 77 | # p=[keyid:hatter] |
---|
| 78 | role = ABAC.Role(party,"guests") |
---|
| 79 | p = ABAC.Role(hatter) |
---|
| 80 | print "\n===bad============ Party.guests <- hatter" |
---|
| 81 | out = ctxt.query(role, p) |
---|
| 82 | for c in out[1]: |
---|
| 83 | print "%s <- %s" % (c.head_string(), c.tail_string()) |
---|
| 84 | |
---|