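#!/usr/bin/env python
"""
Run the queries described in README.

cmd1: env keystore=`pwd` ./query.py
cmd2: env ABAC_CN=1 keystore=`pwd` ./query.py

Three ABAC contexts are built from the identity (.pem) and attribute (.der)
files, their contents are dumped, and each context is asked whether Bob and
Jan hold [keyid:stateU].role:foundingAlumni.

All credential files are opened by bare file name, so they resolve against
the current working directory; run the script from the directory holding the
credentials.  The script itself never reads `keystore` or `ABAC_CN`
(presumably the ABAC library consumes them -- confirm against the README).

Expected outcomes, as labelled in the query banners below:
    ctxtA: Bob good, Jan bad  (Jan's diploma credential is not loaded)
    ctxtB: Bob good, Jan good
    ctxtC: Bob bad,  Jan good (Bob's diploma credential is not loaded)
"""

import os
import ABAC


##########################################
# dump the loaded principals/policies
#
def dumpCred(CTXT, STRING):
    """Print the principals and attribute credentials held by a context.

    CTXT   -- the ABAC.Context to inspect.
    STRING -- label printed in the section headers (e.g. "ctxtA").
    """
    # Both context_* calls return a pair; the listing is element 1.
    principals = CTXT.context_principals()
    print("\n...%s principals" % STRING)
    for x in principals[1]:
        print("%s " % x.string())

    credentials = CTXT.context_credentials()
    print("\n...%s attributes" % STRING)
    for c in credentials[1]:
        print("%s <- %s" % (c.head_string(), c.tail_string()))


##########################################
# role=[keyid:stateU].role:foundingAlumni
# p=[keyid:WHO]
def askAbout(CTXT, WHO, STRING):
    """Ask CTXT whether WHO holds [keyid:stateU].role:foundingAlumni.

    CTXT   -- the ABAC.Context to query.
    WHO    -- keyid of the principal being asked about.
    STRING -- banner printed before the result.

    Prints the banner, the query verdict, and the credentials of the
    returned proof.  Reads the module-level `stateU` keyid, which must be
    set before the first call.
    """
    print("\n%s" % STRING)
    role = ABAC.Role(stateU, "foundingAlumni")
    p = ABAC.Role(WHO)
    out = CTXT.query(role, p)
    # Element 0 of the result is the success flag: that flag, not the
    # presence of credentials in element 1, is the authorization decision.
    # Every context here calls set_no_partial_proof(); without it a failed
    # query may still hand back proof fragments (confirm against the libabac
    # documentation), so print the verdict explicitly.
    print("query %s" % ("succeeded" if out[0] else "failed"))
    for c in out[1]:
        print("%s <- %s" % (c.head_string(), c.tail_string()))


###############################
ctxtA = ABAC.Context()
ctxtA.set_no_partial_proof()

ctxtC = ABAC.Context()
ctxtC.set_no_partial_proof()

###############################
# retrieve principals' keyid value from local credential files
stateUID = ABAC.ID("StateU_ID.pem")
# NOTE(review): nothing in this script issues or signs a credential, so the
# issuer's private key does not appear to be needed for querying.  Confirm
# and drop this load so key material stays out of the verifying process.
stateUID.id_load_privkey_file("StateU_private.pem")
stateU = stateUID.id_keyid()

bobID = ABAC.ID("Bob_ID.pem")
bob = bobID.id_keyid()

markID = ABAC.ID("Mark_ID.pem")
mark = markID.id_keyid()

joeID = ABAC.ID("Joe_ID.pem")
joe = joeID.id_keyid()

maryannID = ABAC.ID("Maryann_ID.pem")
maryann = maryannID.id_keyid()

janID = ABAC.ID("Jan_ID.pem")
jan = janID.id_keyid()

ctxtA.load_id(stateUID)
ctxtA.load_id(bobID)
ctxtA.load_id(markID)

ctxtC.load_id(stateUID)

# NOTE(review): the return values of the load_id()/load_attribute_file()
# calls in this script are not inspected, so a missing or rejected
# credential only shows up indirectly as a changed query verdict.

################################################
# Credential 1, this policy has two range constraints on different parameters
# [keyid:stateU].role:foundingAlumni
#    <- [keyid:stateU].role:diploma([string:?D:['mathmatics','psychology']],
#                                   [integer:?Year:[1960,1961,1963]])
ctxtA.load_attribute_file("StateU_foundingAlumni__stateU_diploma_q_qY_attr.der")
ctxtC.load_attribute_file("StateU_foundingAlumni__stateU_diploma_q_qY_attr.der")

#################################################
# Credential 2
# [keyid:stateU].role:diploma([string:'mathmatics'],[integer:1961]) <- [keyid:bob]
ctxtA.load_attribute_file("StateU_diploma_m__Bob_attr.der")

#################################################
# Credential 3
# [keyid:stateU].role:diploma([string:'mathmatics'],[integer:1965]) <- [keyid:mark]
ctxtA.load_attribute_file("StateU_diploma_m__Mark_attr.der")

###############################
# ctxtB is constructed from ctxtA and then extended with three more
# principals (the banners below expect ctxtA's Bob result to hold in ctxtB).
ctxtB = ABAC.Context(ctxtA)
ctxtB.set_no_partial_proof()
ctxtB.load_id(joeID)
ctxtB.load_id(maryannID)
ctxtB.load_id(janID)

###############################
ctxtC.load_id(maryannID)
ctxtC.load_id(janID)
###############################

##########################################################################
# Credential 4
# [keyid:stateU].role:diploma([string:'zoology'],[integer:1961]) <- [keyid:joe]
ctxtB.load_attribute_file("StateU_diploma_z__Joe_attr.der")

#################################################
# Credential 5
# [keyid:stateU].role:diploma([string:'psychology'],[integer:1962])
#                                                       <- [keyid:maryann]
ctxtB.load_attribute_file("StateU_diploma_p__Maryann_attr.der")
ctxtC.load_attribute_file("StateU_diploma_p__Maryann_attr.der")

#################################################
# Credential 6
# [keyid:stateU].role:diploma([string:'psychology'],[integer:1960])
#                                                       <- [keyid:jan]
ctxtB.load_attribute_file("StateU_diploma_p__Jan_attr.der")
ctxtC.load_attribute_file("StateU_diploma_p__Jan_attr.der")

###############################

dumpCred(ctxtA, "ctxtA")
dumpCred(ctxtB, "ctxtB")
dumpCred(ctxtC, "ctxtC")

# "good" banners mark queries expected to succeed, "bad" ones expected to fail.
askAbout(ctxtA, bob, "\n===good============ ctxtA,stateU.foundingAlumni <- Bob")
askAbout(ctxtB, bob, "\n===good============ ctxtB,stateU.foundingAlumni <- Bob")
askAbout(ctxtC, bob, "\n===bad============ ctxtC,stateU.foundingAlumni <- Bob")

askAbout(ctxtA, jan, "\n===bad============ ctxtA,stateU.foundingAlumni <- Jan")
askAbout(ctxtB, jan, "\n===good============ ctxtB,stateU.foundingAlumni <- Jan")
askAbout(ctxtC, jan, "\n===good============ ctxtC,stateU.foundingAlumni <- Jan")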