#!/usr/bin/env python

"""
Run the queries described in README

cmd1:env keystore=`pwd` ./query.py 
cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py

"""

import os
import ABAC

ctxt = ABAC.Context()

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials
if (os.environ.has_key("keystore")) :
    keystore=os.environ["keystore"]
    ctxt.load_directory(keystore)
else:
    print("keystore is not set...")
    exit(1)

# retrieve principals' keyid value from local credential files
aliceID=ABAC.ID("Alice_ID.pem")
aliceID.id_load_privkey_file("Alice_private.pem")
alice=aliceID.id_keyid()

partyID=ABAC.ID("Party_ID.pem")
partyID.id_load_privkey_file("Party_private.pem")
party=partyID.id_keyid()

teaID=ABAC.ID("Tea_ID.pem")
teaID.id_load_privkey_file("Tea_private.pem")
tea=teaID.id_keyid()

hatterID=ABAC.ID("Hatter_ID.pem")
hatterID.id_load_privkey_file("Hatter_private.pem")
hatter=hatterID.id_keyid()

marchhareID=ABAC.ID("Marchhare_ID.pem")
marchhareID.id_load_privkey_file("Marchhare_private.pem")
marchhare=marchhareID.id_keyid()

dormouseID=ABAC.ID("Dormouse_ID.pem")
dormouseID.id_load_privkey_file("Dormouse_private.pem")
dormouse=dormouseID.id_keyid()

##########################################################################
# dump the loaded principals/policies
#
out = ctxt.context_principals()
print "\n...final principal set..."
for x in out[1]:
    print "%s " % x.string()
out = ctxt.context_credentials()
print "\n...final policy attribute set..."
for c in out[1]:
    print "%s <- %s" % (c.head_string(), c.tail_string())

##########################################################################
# can dormouse be a guest at the party ?
# role=[keyid:Party].role:guests 
# p=[keyid:dormouse]
role = ABAC.Role(party,"guests")
p = ABAC.Role(dormouse)
print "\n===good============ Party.guests <- dourmouse"
out = ctxt.query(role, p)
for c in out[1]:
    print "%s <- %s" % (c.head_string(), c.tail_string())

##########################################################################
# can hatter be a guest at the party ?
# role=[keyid:Party].role:guests 
# p=[keyid:hatter]
role = ABAC.Role(party,"guests")
p = ABAC.Role(hatter)
print "\n===bad============ Party.guests <- hatter"
out = ctxt.query(role, p)
for c in out[1]:
    print "%s <- %s" % (c.head_string(), c.tail_string())