source: examples/python_tests/alumni3_ctxt_rt1/attr.py @ 11ca336

mei_rt2
Last change on this file since 11ca336 was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule

  • Property mode set to 100755
1#!/usr/bin/env python
2
3"""
4See README in this directory for the semantics of the example.  This file
5constructs the credentials described and puts copies into this directory
6
7cmd1:env keystore=`pwd` ./attr.py
8"""
9
10import os
11import ABAC
12
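# Create the ABAC context this script works in and report the library version.
ctxt = ABAC.Context()
print("ABAC version %s" % ctxt.version())

# Keystore is the directory containing the principal credentials.
# Load existing principals and/or policy credentials from it.  An unset or
# empty value is rejected up front so load_directory() is never called with
# an empty path.
keystore = os.environ.get("keystore")
if not keystore:
    print("keystore is not set...")
    # SystemExit rather than the site-provided exit() helper, which is not
    # guaranteed to be installed (e.g. under python -S).
    raise SystemExit(1)
ctxt.load_directory(keystore)

# Only element 1 of the returned sequence is iterated; element 0 is not
# inspected here.
# NOTE(review): element 0 is presumably a status flag -- confirm, and check
# it if a failed lookup should abort the run.
out = ctxt.context_principals()
print("...initial principal set...")
for x in out[1]:
    print("%s " % x.string())
print("\n")

out = ctxt.context_credentials()
print("...initial policy attribute set...")
for c in out[1]:
    print("%s <- %s" % (c.head_string(), c.tail_string()))
print("\n")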
36
def _load_identity(cert_file, key_file):
    """Load a principal's ID certificate and attach its private key.

    Returns the ABAC.ID object together with the key id it reports.
    """
    ident = ABAC.ID(cert_file)
    ident.id_load_privkey_file(key_file)
    return ident, ident.id_keyid()


# Retrieve each principal's keyid value from local credential files.  The
# file names are relative, so they resolve against the current working
# directory (the module docstring's invocation sets keystore to `pwd`).
# NOTE(review): no passphrase is passed when the *_private.pem files are
# loaded, so they are presumably stored unencrypted -- confirm, and keep the
# directory's permissions restricted accordingly.
stateUID, stateU = _load_identity("StateU_ID.pem", "StateU_private.pem")
bobID, bob = _load_identity("Bob_ID.pem", "Bob_private.pem")
markID, mark = _load_identity("Mark_ID.pem", "Mark_private.pem")
joeID, joe = _load_identity("Joe_ID.pem", "Joe_private.pem")
maryannID, maryann = _load_identity("Maryann_ID.pem", "Maryann_private.pem")
janID, jan = _load_identity("Jan_ID.pem", "Jan_private.pem")
61
################################################
# Credential 1, this policy has two range constraints on different parameters
# [keyid:stateU].role:foundingAlumni
#              <- [keyid:stateU].role:diploma([string:?D:['mathmatics','psychology']],
#                                             [integer:?Year:[1960,1961,1963]])
head = ABAC.Role(stateU, "foundingAlumni")

# String constraint for ?D: only the listed subject values are added.
# The spelling 'mathmatics' is the same literal that credentials 2 and 3 in
# this file carry; do not "correct" it in one place only.
subject_cond = ABAC.Constraint("string")
for subject in ("'mathmatics'", "'psychology'"):
    subject_cond.constraint_add_string_target(subject)
param1 = ABAC.DataTerm("string", "D", subject_cond)

# Integer constraint for ?Year: only the listed years are added.
year_cond = ABAC.Constraint("integer")
for year in (1960, 1961, 1963):
    year_cond.constraint_add_integer_target(year)
param2 = ABAC.DataTerm("integer", "Year", year_cond)

# Attach both constrained parameters to the tail role.
tail = ABAC.Role(stateU, "diploma")
for term in (param1, param2):
    tail.role_add_data_term(term)

# Build the policy rule, finalize it, and save it to a credential file.
# NOTE(review): 1800 is presumably the validity period in seconds -- confirm
# against the libabac documentation.
# NOTE(review): the results of attribute_bake() and attribute_write_cert()
# are not inspected; if the binding reports failure through a return value,
# a credential that was never written would go unnoticed -- confirm.
attr = ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("StateU_foundingAlumni__stateU_diploma_q_qY_attr.der")
print(attr.string())
print(attr.typed_string())
print("\n")
107
#################################################
# Credential 2
# [keyid:stateU].role:diploma([string:'mathmatics'],[integer:1961]) <- [keyid:bob]
# Gives bob StateU's diploma role with the parameters ('mathmatics', 1961).
diploma_terms = (
    ABAC.DataTerm("string", "'mathmatics'"),
    ABAC.DataTerm("integer", "1961"),
)
head = ABAC.Role(stateU, "diploma")
for term in diploma_terms:
    head.role_add_data_term(term)
tail = ABAC.Role(bob)

# 1800: presumably the validity period in seconds -- confirm.
attr = ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("StateU_diploma_m__Bob_attr.der")
for rendering in (attr.string(), attr.typed_string(), "\n"):
    print(rendering)
124
#################################################
# Credential 3
# [keyid:stateU].role:diploma([string:'mathmatics'],[integer:1965]) <- [keyid:mark]
# Gives mark StateU's diploma role with the parameters ('mathmatics', 1965).
# 1965 is not among the years listed in credential 1's ?Year constraint, so
# this is presumably a negative case for foundingAlumni -- see the README.
diploma_terms = (
    ABAC.DataTerm("string", "'mathmatics'"),
    ABAC.DataTerm("integer", "1965"),
)
head = ABAC.Role(stateU, "diploma")
for term in diploma_terms:
    head.role_add_data_term(term)
tail = ABAC.Role(mark)

# 1800: presumably the validity period in seconds -- confirm.
attr = ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("StateU_diploma_m__Mark_attr.der")
for rendering in (attr.string(), attr.typed_string(), "\n"):
    print(rendering)
141
142
#################################################
# Credential 4
# [keyid:stateU].role:diploma([string:'zoology'],[integer:1961]) <- [keyid:joe]
# Gives joe StateU's diploma role with the parameters ('zoology', 1961).
# 'zoology' is not among the subjects listed in credential 1's ?D constraint,
# so this is presumably a negative case for foundingAlumni -- see the README.
diploma_terms = (
    ABAC.DataTerm("string", "'zoology'"),
    ABAC.DataTerm("integer", "1961"),
)
head = ABAC.Role(stateU, "diploma")
for term in diploma_terms:
    head.role_add_data_term(term)
tail = ABAC.Role(joe)

# 1800: presumably the validity period in seconds -- confirm.
attr = ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("StateU_diploma_z__Joe_attr.der")
for rendering in (attr.string(), attr.typed_string(), "\n"):
    print(rendering)
159
#################################################
# Credential 5
# [keyid:stateU].role:diploma([string:'psychology'],[integer:1962])
#                             <- [keyid:maryann]
# Gives maryann StateU's diploma role with the parameters ('psychology', 1962).
# 1962 is not among the years listed in credential 1's ?Year constraint, so
# this is presumably a negative case for foundingAlumni -- see the README.
diploma_terms = (
    ABAC.DataTerm("string", "'psychology'"),
    ABAC.DataTerm("integer", "1962"),
)
head = ABAC.Role(stateU, "diploma")
for term in diploma_terms:
    head.role_add_data_term(term)
tail = ABAC.Role(maryann)

# 1800: presumably the validity period in seconds -- confirm.
attr = ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("StateU_diploma_p__Maryann_attr.der")
for rendering in (attr.string(), attr.typed_string(), "\n"):
    print(rendering)
177
#################################################
# Credential 6
# [keyid:stateU].role:diploma([string:'psychology'],[integer:1960])
#                              <- [keyid:jan]
# Gives jan StateU's diploma role with the parameters ('psychology', 1960).
diploma_terms = (
    ABAC.DataTerm("string", "'psychology'"),
    ABAC.DataTerm("integer", "1960"),
)
head = ABAC.Role(stateU, "diploma")
for term in diploma_terms:
    head.role_add_data_term(term)
tail = ABAC.Role(jan)

# 1800: presumably the validity period in seconds -- confirm.
attr = ABAC.Attribute(head, 1800)
attr.attribute_add_tail(tail)
attr.attribute_bake()
attr.attribute_write_cert("StateU_diploma_p__Jan_attr.der")
for rendering in (attr.string(), attr.typed_string(), "\n"):
    print(rendering)
195
196###############################