[2e9455f] | 1 | #!/usr/bin/env python |
---|
| 2 | |
---|
| 3 | """ |
---|
| 4 | Run the queries described in README |
---|
| 5 | |
---|
| 6 | cmd1:env keystore=`pwd` ./query.py |
---|
| 7 | cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py |
---|
| 8 | |
---|
| 9 | """ |
---|
| 10 | |
---|
| 11 | import os |
---|
| 12 | import ABAC |
---|
| 13 | |
---|
##########################################
# dump the loaded principals/policies
#
def dumpCred(CTXT, STRING):
    """Print every principal and attribute credential held by CTXT.

    CTXT is an ABAC context object and STRING is a label used in the two
    section headings.  Only element [1] of each tuple returned by the
    context is listed; element [0] is not inspected here.

    print(...) with a single parenthesised argument produces the same
    output under the Python 2 print statement and the Python 3 function.
    """
    principal_result = CTXT.context_principals()
    print("\n...%s principals" % STRING)
    for principal in principal_result[1]:
        print("%s " % principal.string())

    credential_result = CTXT.context_credentials()
    print("\n...%s attributes" % STRING)
    for cred in credential_result[1]:
        # head <- tail is the "role <- subject" form used in the policy notes
        print("%s <- %s" % (cred.head_string(), cred.tail_string()))
---|
| 27 | |
---|
##########################################
# target role = [keyid:stateU].role:foundingAlumni
# principal   = [keyid:WHO]
def askAbout(CTXT, WHO, STRING):
    """Ask CTXT whether WHO holds [keyid:stateU].role:foundingAlumni.

    Prints STRING as a heading, then one "head <- tail" line for each
    credential in element [1] of the query result.  Reads the module-level
    name ``stateU``, so it can only be called after that keyid is assigned.

    NOTE(review): element [0] of the query result is never looked at.  It
    is presumably the success flag of the libabac binding (confirm).  Code
    that makes an access decision should branch on that flag instead of
    inferring success from a non-empty credential list.
    """
    print("\n%s" % STRING)
    target_role = ABAC.Role(stateU, "foundingAlumni")
    principal = ABAC.Role(WHO)
    result = CTXT.query(target_role, principal)
    for cred in result[1]:
        print("%s <- %s" % (cred.head_string(), cred.tail_string()))
---|
| 39 | |
---|
| 40 | ############################### |
---|
# Two separate contexts, each created empty: the rest of the script loads
# different identities and credentials into them so the same query can be
# asked against different sets of evidence.
# NOTE(review): set_no_partial_proof() presumably stops a failed query from
# returning a partial proof chain -- confirm against the libabac docs.  The
# query helper prints whatever credentials come back, so this setting
# decides what a failed query shows.
ctxtA = ABAC.Context()
ctxtA.set_no_partial_proof()

ctxtC = ABAC.Context()
ctxtC.set_no_partial_proof()
---|
| 46 | ############################### |
---|
| 47 | |
---|
# retrieve principals' keyid value from local credential files
# (all file names are relative; the header docstring runs the script with
# keystore set to the current directory)
stateUID=ABAC.ID("StateU_ID.pem")
# NOTE(review): nothing visible in this script issues or signs a credential
# with stateUID; it is only used for id_keyid() and load_id().  Loading the
# issuer's private key therefore looks unnecessary for a query-only run --
# confirm, and drop the call if so, so that the script can run without read
# access to StateU_private.pem.
stateUID.id_load_privkey_file("StateU_private.pem")
stateU=stateUID.id_keyid()

# The remaining principals are loaded from their ID certificates only.
bobID=ABAC.ID("Bob_ID.pem")
bob=bobID.id_keyid()

markID=ABAC.ID("Mark_ID.pem")
mark=markID.id_keyid()

joeID=ABAC.ID("Joe_ID.pem")
joe=joeID.id_keyid()

maryannID=ABAC.ID("Maryann_ID.pem")
maryann=maryannID.id_keyid()

janID=ABAC.ID("Jan_ID.pem")
jan=janID.id_keyid()

# ctxtA is given the identities of StateU, Bob and Mark.
# NOTE(review): the results of the load_id() calls are discarded; if the
# binding reports a rejected identity through its return value (confirm),
# a failed load would go unnoticed here.
ctxtA.load_id(stateUID)
ctxtA.load_id(bobID)
ctxtA.load_id(markID)

# ctxtC starts with the issuer identity only; Maryann and Jan are added later.
ctxtC.load_id(stateUID)
---|
| 73 | |
---|
################################################
# Credential 1, this policy has two range constraints on different parameters
#    [keyid:stateU].role:foundingAlumni
#      <- [keyid:stateU].role:diploma([string:?D:['mathmatics','psychology']],
#                             [integer:?Year:[1960,1961,1963]])
# Loaded into ctxtA and ctxtC (ctxtB receives it through ctxtA, see below).
# NOTE(review): the result of every load_attribute_file() call in this script
# is discarded; if the binding signals an unreadable or rejected credential
# through its return value (confirm), a failed load would pass silently and
# only show up as a changed query result.
ctxtA.load_attribute_file("StateU_foundingAlumni__stateU_diploma_q_qY_attr.der")
ctxtC.load_attribute_file("StateU_foundingAlumni__stateU_diploma_q_qY_attr.der")

#################################################
# Credential 2
#   [keyid:stateU].role:diploma([string:'mathmatics'],[integer:1961]) <- [keyid:bob]
# Both parameters fall inside the constraints listed for credential 1.
ctxtA.load_attribute_file("StateU_diploma_m__Bob_attr.der")

#################################################
# Credential 3
#   [keyid:stateU].role:diploma([string:'mathmatics'],[integer:1965]) <- [keyid:mark]
# 1965 is not among the years listed for credential 1.
ctxtA.load_attribute_file("StateU_diploma_m__Mark_attr.der")

###############################
# ctxtB is constructed from ctxtA at this point, i.e. after the StateU/Bob/Mark
# identities and credentials 1-3 were loaded into ctxtA.
# NOTE(review): presumably this is a copy, so the loads into ctxtB below do
# not reach ctxtA -- the "bad" expectation for Jan in ctxtA at the end of the
# script relies on that; confirm against the libabac docs.
ctxtB = ABAC.Context(ctxtA)
ctxtB.set_no_partial_proof()

ctxtB.load_id(joeID)
ctxtB.load_id(maryannID)
ctxtB.load_id(janID)
###############################
# ctxtC gets Maryann and Jan, but never Bob, Mark or Joe.
ctxtC.load_id(maryannID)
ctxtC.load_id(janID)
###############################

##########################################################################
# Credential 4
#   [keyid:stateU].role:diploma([string:'zoology'],[integer:1961]) <- [keyid:joe]
# 'zoology' is not among the subjects listed for credential 1.
ctxtB.load_attribute_file("StateU_diploma_z__Joe_attr.der")

#################################################
# Credential 5
#   [keyid:stateU].role:diploma([string:'psychology'],[integer:1962])
#                                                    <- [keyid:maryann]
# 1962 is not among the years listed for credential 1.
ctxtB.load_attribute_file("StateU_diploma_p__Maryann_attr.der")
ctxtC.load_attribute_file("StateU_diploma_p__Maryann_attr.der")

#################################################
# Credential 6
#   [keyid:stateU].role:diploma([string:'psychology'],[integer:1960])
#                                                    <- [keyid:jan]
# Both parameters fall inside the constraints listed for credential 1.
ctxtB.load_attribute_file("StateU_diploma_p__Jan_attr.der")
ctxtC.load_attribute_file("StateU_diploma_p__Jan_attr.der")
---|
| 122 | |
---|
###############################
# Show what each context holds before any query is made.
for _label, _ctxt in (("ctxtA", ctxtA), ("ctxtB", ctxtB), ("ctxtC", ctxtC)):
    dumpCred(_ctxt, _label)

# Same foundingAlumni question for Bob, then Jan, against each context.
# "good"/"bad" in the heading is the expected outcome: ctxtC never loads
# Bob's diploma credential, and ctxtA never loads Jan's.
_QUERIES = (
    (ctxtA, bob, "\n===good============ ctxtA,stateU.foundingAlumni <- Bob"),
    (ctxtB, bob, "\n===good============ ctxtB,stateU.foundingAlumni <- Bob"),
    (ctxtC, bob, "\n===bad============ ctxtC,stateU.foundingAlumni <- Bob"),
    (ctxtA, jan, "\n===bad============ ctxtA,stateU.foundingAlumni <- Jan"),
    (ctxtB, jan, "\n===good============ ctxtB,stateU.foundingAlumni <- Jan"),
    (ctxtC, jan, "\n===good============ ctxtC,stateU.foundingAlumni <- Jan"),
)
for _ctxt, _who, _heading in _QUERIES:
    askAbout(_ctxt, _who, _heading)
---|
| 135 | |
---|